Real time IP analysis for failed SSH login attempts using the Virus Total and Shodan API.

ChrisIvie/Pottr-COMB

COMB by Pottr.io

Real-time IP analysis/threat detection using the Virus Total and Shodan APIs. Includes a full web GUI and is well suited to running in the background.

Demo of Web interface: https://notgoogle.com/report/index.php

The results on the page above are real SSH login attempts to my public web server.

Installation

Requirements: PHP 7+, PHP 7 SQLite support, pip

Note: Default log location: /var/log/auth.log

  1. Git clone this repo.
  2. Insert your Virus Total API key into virustotal-report.py.
  3. Insert your Shodan API key into shodan-report.py.
  4. Run pip install -r requirements.txt.
  5. Run ./comb-start.sh.
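To show the kind of processing COMB does on the default log before any API lookup, here is an added example (not code from Pottr-COMB) that extracts failed SSH login attempts from auth.log-style lines and records each source IP once in SQLite, so repeated attempts from one host do not become repeated lookups. The function and table names are assumptions, and the log lines are constructed.

```python
"""Parse failed SSH logins out of an auth.log and record unique source IPs.

Added example, not part of Pottr-COMB. Function and table names are
assumptions; the sample log lines are constructed.
"""
import re
import sqlite3
from collections import Counter

# Constructed sample in the syslog format sshd writes to /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 web sshd[2101]: Failed password for root from 198.51.100.7 port 51522 ssh2
Mar  3 10:01:15 web sshd[2101]: Failed password for root from 198.51.100.7 port 51530 ssh2
Mar  3 10:02:40 web sshd[2130]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2
Mar  3 10:03:02 web sshd[2142]: Accepted publickey for deploy from 192.0.2.25 port 60001 ssh2
Mar  3 10:05:17 web sshd[2160]: Invalid user oracle from 203.0.113.9 port 40122
"""

# Matches both "Failed password for [invalid user] NAME from IP" and
# "Invalid user NAME from IP"; successful logins do not match.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?(?P<user>\S+)|"
    r"Invalid user (?P<user2>\S+)) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def failed_attempts(log_text):
    """Yield (user, ip) for every failed or invalid-user login line."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield (m.group("user") or m.group("user2"), m.group("ip"))


def ip_counts(log_text):
    """Count failed attempts per source IP."""
    return Counter(ip for _, ip in failed_attempts(log_text))


def store_unique_ips(log_text, db_path=":memory:"):
    """Record each attacking IP once (PRIMARY KEY) with its hit count.

    Returns rows as (ip, hits), most active first. Re-running on the same
    database only bumps the counters instead of adding duplicate rows.
    """
    conn = sqlite3.connect(db_path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS attempts (ip TEXT PRIMARY KEY, hits INTEGER)"
    )
    for ip, hits in ip_counts(log_text).items():
        conn.execute("INSERT OR IGNORE INTO attempts(ip, hits) VALUES (?, 0)", (ip,))
        conn.execute("UPDATE attempts SET hits = hits + ? WHERE ip = ?", (hits, ip))
    conn.commit()
    rows = conn.execute(
        "SELECT ip, hits FROM attempts ORDER BY hits DESC, ip"
    ).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    for ip, hits in store_unique_ips(SAMPLE_AUTH_LOG):
        print(f"{ip:16} {hits} failed attempt(s)")
```

Point the function at the real file with `store_unique_ips(open("/var/log/auth.log").read(), "comb.db")`; the IPs in the resulting table are the ones worth spending API quota on.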

Virus Total API

Generating the Virus Total API keys:

  1. Log in or create an account on Virus Total.
  2. Once logged in, click on your name in the top right > API key.

Note: This API is rate limited to 4 requests per minute.
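Because the public Virus Total quota is 4 requests per minute, a background collector has to pace its lookups or the API starts refusing calls. The following added example (not code from Pottr-COMB) is a sliding-window limiter that enforces that limit; the lookup function is a stand-in that never contacts virustotal.com, and the clock and sleep hooks are injectable so the pacing can be verified offline.

```python
"""Throttle lookups to the Virus Total public-API limit of 4 requests per minute.

Added example, not code from Pottr-COMB. `fake_lookup` stands in for the real
API call (assumption); `FakeClock` exists only so the pacing can be checked
without waiting real minutes.
"""
import time
from collections import deque


class RateLimiter:
    """Allow at most `limit` calls in any window of `period` seconds."""

    def __init__(self, limit=4, period=60.0, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.period = limit, period
        self.clock, self.sleep = clock, sleep
        self.calls = deque()  # timestamps of calls still inside the window

    def wait(self):
        """Block until another call is allowed; return the time it was made."""
        now = self.clock()
        # Forget calls that have aged out of the window.
        while self.calls and now - self.calls[0] >= self.period:
            self.calls.popleft()
        if len(self.calls) >= self.limit:
            # Window is full: sleep until the oldest call expires.
            self.sleep(self.period - (now - self.calls[0]))
            now = self.clock()
            self.calls.popleft()
        self.calls.append(now)
        return now


def lookup_all(ips, lookup, limiter):
    """Query every IP through `lookup`, pacing with `limiter`.

    Returns {ip: (time_of_call, result)}.
    """
    results = {}
    for ip in ips:
        when = limiter.wait()
        results[ip] = (when, lookup(ip))
    return results


def fake_lookup(ip):
    """Stand-in for the VT IP report call; the response shape is invented."""
    return {"ip": ip, "detected": ip.startswith("203.")}


class FakeClock:
    """Deterministic clock: sleep() only advances the clock and records the delay."""

    def __init__(self):
        self.t = 0.0
        self.slept = []

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.slept.append(seconds)
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    limiter = RateLimiter(limit=4, period=60.0, clock=clock.now, sleep=clock.sleep)
    ips = [f"203.0.113.{i}" for i in range(1, 7)]  # constructed addresses
    for ip, (when, result) in lookup_all(ips, fake_lookup, limiter).items():
        print(f"t={when:5.1f}s {ip:14} detected={result['detected']}")
```

With the defaults (`time.monotonic` and `time.sleep`) the limiter sleeps for real; the fifth lookup in a burst waits a full minute, and the sixth goes through immediately afterwards because four slots have aged out together.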

Shodan API

  1. Head over to https://developer.shodan.io/
  2. Create an account.
  3. You will see 'Show API Key' at the top of the page.

Web interface

PHP has a built-in simple HTTP server; ./comb-start.sh currently binds it to 127.0.0.1:80, so the UI is reachable only from the local machine.

Note: The web UI lives in the ./report folder. Currently the 75 most recent results are loaded from the database, possibly including repeats. Each result "card" shows the VT and Shodan analysis results: green = Virus Total, yellow = Shodan.

Files

.
├── report                  # index.php, css/, js/
├── comb-start.sh           # Bash script for starting the web server
├── requirements.txt        # Required Python packages
├── shodan-report.py        # Place Shodan API key in this file
├── virustotal-report.py    # Place Virus Total API key in this file
└── README.md

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. (I know the web interface is ugly; I'll be adjusting this.)

Please make sure to update tests as appropriate.

License

MIT
