Network Intelligence is a Python application designed to gather network connection information and check it against threat intelligence platforms. This tool helps in identifying potentially malicious IP addresses and enhancing network security. It is OS-agnostic, running seamlessly on Windows, macOS, and Linux.

bovf/network-intelligence

Network Intelligence

Network Intelligence is a Python application that gathers network connection information and checks it against a threat intelligence platform.

Installation

Clone the repository:

git clone https://github.com/bovf/network-intelligence.git
cd network-intelligence

Install the package:

pip install .

Adding to PATH

On Linux and macOS

  1. Create a symlink:

    sudo ln -s /path/to/venv/bin/network-intelligence /usr/local/bin/network-intelligence
  2. Verify the symlink:

    network-intelligence --help

On Windows

  1. Add the directory containing network-intelligence to the system PATH:

    • Open the Start Search, type in "env", and select "Edit the system environment variables".
    • In the System Properties window, click on the "Environment Variables" button.
    • In the Environment Variables window, scroll down to the "System variables" section, select the "Path" variable, and click "Edit".
    • Click "New" and add the path to the directory containing network-intelligence. For example, C:\path\to\venv\Scripts.
    • Click "OK" to close all the windows.
  2. Verify the PATH update by opening a new Command Prompt and running:

    network-intelligence --help

Configuration

Obtain an API Key

  1. Go to AbuseIPDB.
  2. Sign up for a free account if you don't already have one.
  3. Once logged in, navigate to the API key management page.
  4. Generate a new API key and copy it.

Add the API Key to the Configuration

  1. Encode your API key in base64:

    echo -n 'YOUR_ACTUAL_API_KEY' | base64
  2. Copy the base64 encoded API key.

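  3. Open the config.yaml file in the project directory and add your encoded API key. Base64 is an encoding, not encryption, so treat config.yaml as a secret: keep it out of version control and readable only by your own user.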

    # config.yaml
    api_key: "BASE64_ENCODED_API_KEY"

Usage

To run the application, specify the source of IP addresses:

For active connections:

sudo network-intelligence --source active

For connections from a log file:

network-intelligence --source log --logfile path/to/network_logs.txt

To display the help message:

network-intelligence --help

Additional Options

  • To save the results to a file, use the --output option:

    network-intelligence --source active --output results.json
  • To display detailed reports, use the --detailed option:

    network-intelligence --source active --detailed
  • Both options can be combined:

    network-intelligence --source active --output results.json --detailed

Extending

To add a new threat intelligence platform, create a new connector in the connectors directory by extending the BaseConnector class and implementing the check_ip method.
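
As an added illustration of this extension point (not code from the project): a connector that checks addresses against a local CIDR blocklist and skips private, loopback and link-local addresses. The page does not show BaseConnector's signature or the expected return format, so the stand-in base class, the result dict and the name LocalBlocklistConnector are assumptions; the blocklist entries are constructed from documentation ranges.

```python
import ipaddress
from abc import ABC, abstractmethod

# Address space that is meaningless to an external reputation source.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample blocklist (documentation ranges only).
SAMPLE_BLOCKLIST = [
    "203.0.113.0/24   # constructed entry",
    "198.51.100.23",
    "2001:db8:bad::/48",
]

class BaseConnector(ABC):
    """Stand-in for the project's BaseConnector (interface assumed)."""

    @abstractmethod
    def check_ip(self, ip):
        """Return a verdict for one IP address."""

class LocalBlocklistConnector(BaseConnector):
    """Hypothetical connector: matches IPs against a local CIDR blocklist."""

    def __init__(self, lines):
        self.networks = []
        for raw in lines:
            entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
            if entry:
                # strict=False tolerates entries with host bits set
                self.networks.append(ipaddress.ip_network(entry, strict=False))

    def check_ip(self, ip):
        try:
            addr = ipaddress.ip_address(ip.strip())
        except ValueError:
            return {"ip": ip, "status": "invalid", "matched": None}
        if any(addr in net for net in LOCAL_NETS):
            return {"ip": ip, "status": "skipped", "matched": None}
        for net in self.networks:
            if addr in net:
                return {"ip": ip, "status": "listed", "matched": str(net)}
        return {"ip": ip, "status": "clean", "matched": None}

if __name__ == "__main__":
    connector = LocalBlocklistConnector(SAMPLE_BLOCKLIST)
    for ip in ("203.0.113.77", "192.168.1.10", "192.0.2.1", "not-an-ip"):
        print(connector.check_ip(ip))
```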
