go-ip-fraud-check

go-ip-fraud-check has a feature to detect fraud from ip addresss. it provides both of cli binary and golang API.

Supported Providers

Quick Usage for binary

install

Download binary from release page, or build from source:

$ git clone --depth 1 https://github.com/evalphobia/go-ip-fraud-check.git
$ cd ./go-ip-fraud-check/cmd
$ go build -o ./go-ip-fraud-check .

Subcommands

root command

$ go-ip-fraud-check
Commands:

  help     show help
  single   Exec api call of ip address fraud check providers for single ip
  list     Exec api call of ip address fraud check providers from csv list file
  providers   Show supported provider types

single command

single command is used to check single ip address.

./go-ip-fraud-check single -h

Exec api call of ip address fraud check providers for single ip

Options:

  -h, --help       display help information
  -p, --provider  *set types of api provider (space separated) --provider='ipdata ipinfo minfraud'
  -i, --ip         input ip address --ip='8.8.8.8'
      --route      set if you need route data from IRR --route
      --debug      set if you need verbose logs --debug

For example, you can check ip address like below

# set auth data
$ export FRAUD_CHECK_IPDATACO_APIKEY=xxx
$ export FRAUD_CHECK_IPINFOIO_TOKEN=yyy

# check ip address
$ ./go-ip-fraud-check single -p 'ipdata ipinfo' -i 8.8.8.8

2021/10/25 00:54:26 [INFO] Use ipdata.co
2021/10/25 00:54:26 [INFO] Use ipinfo.io
{"list":[{"service_name":"ipdata.co","ip":"8.8.8.8","hostname":"","isp":"Google LLC","organization":"","asn":15169,"risk_score":0,"is_vpn":false,"is_hosting":false,"is_proxy":false,"is_tor":false,"is_bot":false,"is_bogon":false,"has_other_threat":false,"threat_comment":"","country":"US","city":"","region":"","latitude":0,"longitude":0,"error":""},{"service_name":"ipinfo.io","ip":"8.8.8.8","hostname":"dns.google","isp":"","organization":"Google LLC","asn":15169,"risk_score":0,"is_vpn":false,"is_hosting":false,"is_proxy":false,"is_tor":false,"is_bot":false,"is_bogon":false,"has_other_threat":false,"threat_comment":"","country":"US","city":"Mountain View","region":"California","latitude":37.4056,"longitude":-122.0775,"error":""}],"as_prefix":null}

list command

list command is used to check multiple ip address from list and save results to output file.

./go-ip-fraud-check list -h

Exec api call of ip address fraud check providers from csv list file

Options:

  -h, --help           display help information
  -p, --provider      *set types of api provider (space separated) --provider='ipdata ipinfo minfraud'
  -i, --input         *input csv/tsv file path --input='./input.csv'
  -o, --output        *output tsv file path --output='./output.tsv'
      --route          set if you need route data from IRR (this might be slow) --route
      --interval       time interval after a API call to handle rate limit (ms=msec s=sec, m=min) --interval=1.5s
  -m, --parallel[=2]   parallel number (multiple API calls) --parallel=2
  -v, --verbose        set if you need detail logs --verbose
      --debug          set if you use HTTP debug feature --debug

For example, you can check ip address from csv list like below

# set auth data
$ export FRAUD_CHECK_IPDATACO_APIKEY=xxx
$ export FRAUD_CHECK_IPINFOIO_TOKEN=yyy

# prepare CSV file
$ cat input.csv
ip_address
8.8.8.8
8.8.4.4
1.1.1.1


# check risk from the CSV file
$ ./go-ip-fraud-check list -p 'ipdata ipinfo' -i ./input.csv -o ./output.tsv
2021/10/25 00:58:29 [INFO] Use ipdata.co
2021/10/25 00:58:29 [INFO] Use ipinfo.io
2021/10/25 00:58:30 [INFO] exec #: [2]
2021/10/25 00:58:29 [INFO] exec #: [0]
2021/10/25 00:58:31 [INFO] exec #: [1]

$ cat output.tsv
service	ip_address	hostname	risk_score	isp	organization	asn	country	city	region	latitude	longitude	is_vpn	is_hosting	is_proxy	is_tor	is_bot	is_bogon	has_other_threat	threat_comment	error
ipdata.co	8.8.8.8		0.00000	Google LLC		15169	US			0.00000	0.00000	false	false	false	false	false	false	false
ipinfo.io	8.8.8.8	dns.google	0.00000		Google LLC	15169	US	Mountain View	California	37.40560	-122.07750	false	false	false	false	false	false	false
ipdata.co	8.8.4.4		0.00000	Google LLC		15169	US			0.00000	0.00000	false	false	false	false	false	false	false
ipinfo.io	8.8.4.4	dns.google	0.00000		Google LLC	15169	US	Mountain View	California	37.40560	-122.07750	false	false	false	false	false	false	false
ipdata.co	1.1.1.1		0.00000	Cloudflare, Inc.		13335	AU			0.00000	0.00000	false	false	false	false	false	false	false
ipinfo.io	1.1.1.1	one.one.one.one	0.00000		Cloudflare, Inc.	13335	US	San Francisco	California37.76210	-122.39710	false	true	false	false	false	false	false



# if provider has a rate limit, then use --interval and --parallel option.
$ ./go-ip-fraud-check list -p 'shodan' -i ./input.csv -o ./output.tsv --interval=1.2s --parallel=1

providers command

providers command is used to see supported providers.

$ ./go-ip-fraud-check providers
[bigdatacloud ip2proxy ipdata ipgeolocation ipinfo ipqualityscore ipregistry minfraud shodan]

Quick Usage for API

package main

import (
	"fmt"

	"github.com/evalphobia/go-ip-fraud-check/ipfraudcheck"
	"github.com/evalphobia/go-ip-fraud-check/provider"
	"github.com/evalphobia/go-ip-fraud-check/provider/ipdataco"
	"github.com/evalphobia/go-ip-fraud-check/provider/ipinfoio"
)

func main() {
	conf := ipfraudcheck.Config{
        // you can set auth values to config directly, otherwise used from environment variables.
		IPdatacoAPIKey:  "<your ipdata.co API key>",
		IPinfoioToken:  "<your ipinfo.io API token>",
		UseRoute:   true,
		Debug:      false,
	}

	svc, err := ipfraudcheck.New(conf, []provider.Provider{
		&ipdataco.IPdatacoProvider{},
		&ipinfo.IPinfoioProvider{},
	})
	if err != nil {
		panic(err)
	}

	// execute score API
	resp, err := svc.CheckIP("8.8.8.8")
	if err != nil {
		panic(err)
	}

	for _, r := range resp.List {
		// just print response in json format
		b, _ := json.Marshal(r)
		fmt.Printf("%s", string(b))
	}
}

see example dir for more examples.

Environment variables

Name	Description
`FRAUD_CHECK_ABUSEIPDB_APIKEY`	AbuseIPDB API Key.
`BIGDATACLOUD_APIKEY`	Big Data Cloud API Key.
`FRAUD_CHECK_DBIP_APIKEY`	dbip API key.
`FRAUD_CHECK_IP2PROXY_APIKEY`	ip2proxy API key.
`FRAUD_CHECK_IP2PROXY_PACKAGE`	ip2proxy package parameter.
`FRAUD_CHECK_IPDATACO_APIKEY`	ipdata.co API key.
`FRAUD_CHECK_IPGEOLOCATION_APIKEY`	ipgeolocation API key.
`FRAUD_CHECK_IPIFY_APIKEY`	ipify API key.
`FRAUD_CHECK_IPINFOIO_TOKEN`	ipinfo.io API token.
`IPQS_APIKEY`	IPQualityScore API Key.
`FRAUD_CHECK_IPSTACK_APIKEY`	ipstack API key.
`IPREGISTRY_APIKEY`	Ipregistry API Key.
`MINFRAUD_ACCOUNT_ID`	MaxMind Account ID.
`MINFRAUD_LICENSE_KEY`	MaxMind License Key.
`FRAUD_CHECK_SHODAN_APIKEY`	Shodan API Key.
`FRAUD_CHECK_SPUR_TOKEN`	spur API token.

suqi / go-ip-fraud-check