#!/usr/bin/env python3 """ OSINT IP Intelligence Gatherer Queries free APIs for IP reputation, geolocation, ASN info """ import requests import json import sys # Target IPs from infrastructure recon TARGET_IPS = [ # khamenei.ir "5.160.10.200", "5.160.10.201", "5.160.10.202", "81.12.39.177", "94.232.174.104", "185.143.234.120", # moqawama.org.lb "91.109.206.65", "176.74.216.191", # almanar.com.lb "5.35.14.164", "5.35.14.165", "47.250.57.153", ] def ip_api_lookup(ip): """Query ip-api.com for geolocation""" url = f"http://ip-api.com/json/{ip}?fields=status,message,country,countryCode,region,city,zip,lat,lon,timezone,isp,org,as,asname,reverse,query" try: r = requests.get(url, timeout=10) return r.json() except: return None def ipinfo_lookup(ip): """Query ipinfo.io for basic info""" url = f"https://ipinfo.io/{ip}/json" try: r = requests.get(url, timeout=10) return r.json() except: return None def abuseipdb_check(ip): """Check AbuseIPDB (requires API key for full access)""" # Basic check without API key url = f"https://www.abuseipdb.com/check/{ip}" return {'url': url, 'note': 'Visit URL for abuse reports'} def full_ip_intel(ip): """Gather all intel on an IP""" print(f"\n{'='*60}") print(f" IP INTELLIGENCE: {ip}") print("="*60) # ip-api.com data = ip_api_lookup(ip) if data and data.get('status') == 'success': print(f"\n [+] Geolocation (ip-api.com):") print(f" Country: {data.get('country')} ({data.get('countryCode')})") print(f" Region: {data.get('region')}") print(f" City: {data.get('city')}") print(f" Coords: {data.get('lat')}, {data.get('lon')}") print(f" ISP: {data.get('isp')}") print(f" Org: {data.get('org')}") print(f" ASN: {data.get('as')}") print(f" Reverse: {data.get('reverse')}") # ipinfo.io data2 = ipinfo_lookup(ip) if data2: print(f"\n [+] Additional Info (ipinfo.io):") print(f" Hostname: {data2.get('hostname', 'N/A')}") print(f" Org: {data2.get('org', 'N/A')}") # AbuseIPDB link print(f"\n [+] Abuse Check:") print(f" https://www.abuseipdb.com/check/{ip}") return data def batch_intel(): """Run intel on all target IPs""" results = {} for ip in TARGET_IPS: results[ip] = full_ip_intel(ip) return results def export_results(results): """Export to JSON""" import os output_path = os.path.join(os.path.dirname(__file__), '..', 'resources', 'ip_intel.json') with open(output_path, 'w') as f: json.dump(results, f, indent=2) print(f"\n[+] Exported to: {output_path}") if __name__ == "__main__": print("="*60) print(" OSINT IP INTELLIGENCE GATHERER") print("="*60) if len(sys.argv) > 1: if sys.argv[1] == "--export": results = batch_intel() export_results(results) else: full_ip_intel(sys.argv[1]) else: print("\n[*] Running intel on all target IPs...\n") batch_intel() print("\n" + "="*60) print(" TARGET IP REFERENCE") print("="*60) for ip in TARGET_IPS: print(f" {ip}")