Usage examples
Jozef Reisinger edited this page May 11, 2023 · 55 revisions
Check multiple IP addresses coming from STDIN:
dig +short eset.sk | checkip
Get CVEs per IP address:
echo '80[.]239[.]140[.]66, 45[.]9[.]148[.]221, 45[.]9[.]148[.]121, 45[.]9[.]249[.]58' | \
perl -wpe 's/[[\],]//g' | perl -wpe 's/ /\n/g' | \
checkip -j 2>/dev/null | \
jq -r '.ipaddr as $ip | .checks[] | select(.name=="shodan.io") | "\($ip) \(.info.vulns[])"'
From the JSON output, select only the Sec (1) and InfoSec (2) check types and show which checks consider the IP address malicious:
checkip -j 91.228.166.47 | \
jq -r '.checks[] | select(.type > 0) | "\(.malicious) \(.name)"'
Find out who is trying to SSH into your Linux system:
sudo journalctl --unit ssh --since "1 hour ago" | \
grep 'Bye Bye' | perl -wlne '/from ([\d\.]+)/ && print $1' | sort | uniq | \
checkip 2> /dev/null
Find out who interacts with your Linux system, either piping the addresses straight to checkip or saving the unique ones to /tmp/ips.txt first:
sudo journalctl --since today | \
perl -wlne '/((?:\d{1,3}\.){3}\d{1,3})/ && print $1' | \
checkip 2> /dev/null
sudo journalctl --since today | \
perl -wlne '/((?:\d{1,3}\.){3}\d{1,3})/ && print $1' | sort | uniq > /tmp/ips.txt
cat /tmp/ips.txt | checkip 2> /dev/null
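The perl one-liners above print only the first address on each log line and accept octets above 255. As an added example (not part of the checkip project), the shell function below refangs `[.]`, extracts every IPv4 token, validates the octets and de-duplicates before the list is piped to checkip; the names `extract_ips` and `sample_input` are hypothetical and the log lines are constructed.

```shell
# extract_ips: read arbitrary text on stdin, print unique valid IPv4
# addresses, one per line (hypothetical helper, not shipped with checkip).
extract_ips() {
    # 1. Refang defanged indicators: 192[.]0[.]2[.]1 -> 192.0.2.1
    sed -e 's/\[\.\]/./g' |
    # 2. Turn every character that is not a digit or a dot into a newline,
    #    so each line holds one candidate token (all tokens per log line).
    tr -c '0-9.' '\n' |
    # 3. Drop leading/trailing dots left by sentence punctuation.
    sed -e 's/^\.*//' -e 's/\.*$//' |
    # 4. Keep tokens with exactly four numeric fields, each 0..255.
    awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) next
        print
    }' |
    # 5. De-duplicate so each address is looked up only once.
    LC_ALL=C sort -u
}

# Constructed sample input: journal-style lines plus a defanged IOC list,
# using addresses from the documentation ranges.
sample_input() {
    cat <<'EOF'
May 11 10:00:01 host sshd[101]: Disconnected from 203.0.113.7 port 4242 [preauth]
May 11 10:00:02 host sshd[102]: Connection from 203.0.113.7 port 4243 on 192.0.2.10 port 22
May 11 10:00:03 host app[103]: version 1.2.3.4.5 ignored, bogus 999.1.1.1 rejected
IOC list: 198[.]51[.]100[.]23, 198[.]51[.]100[.]24.
EOF
}

# Prints the four unique addresses; append "| checkip 2> /dev/null" to check them.
sample_input | extract_ips
```

A four-part version string such as `8.9.1.2` still passes the filter, so review the list when the input contains software versions.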
Continuously generate random IP addresses and check them (hit Ctrl-C to stop):
while true; do ./randip; sleep 2; done | checkip 2> /dev/null
Generate 30 random IP addresses and see their probability of being malicious:
./randip 30 | checkip -a -c 10 -j 2> /dev/null | \
jq -r '"\(.malicious_prob) \(.ipaddr)"'
Generate 100 random IP addresses and select those that db-ip.com locates in Russia (RU) or China (CN):
./randip 100 | checkip -c 20 -j 2> /dev/null | \
jq -r '.ipaddr as $ip | .checks[] | select (.name == "db-ip.com" and (.info.iso_code == "RU" or .info.iso_code == "CN")) | $ip'