Threat Monitoring using the DShield API from SANS
.gitignore
README.md
config-dist.cfg
dshield.py
threatmonitor.py
tmon.py
utilities.py

TMon - Internet Threat Monitor

TMon is a small tool that monitors current online threat levels. It shows a green, yellow, or red level indicator, along with information about the top attacked ports and countries. It also provides information about the unique attacking sources (IPs).

The script gathers its information from the DShield API provided by SANS.

Dependencies

These are the modules used by TMon

  • argparse
  • datetime
  • ConfigParser
  • time
  • requests
  • os
  • fcntl
  • termios
  • struct
  • sys
  • termcolor
  • json
  • pygeoip
  • IPy

TODO

  • Add more port services
  • Add functionality for update snapshots
  • Add single snapshot functionality (instead of continuous monitoring)
  • Add attack difference display to see if anything has changed since the last update

Set up

Before you can start using TMon, you need to do the following:

  • Download and extract GeoIP.dat from MaxMind (direct download)
  • Rename config-dist.cfg to config.cfg
  • Change the value of filepath under the geolocation section to point to your GeoIP.dat file
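
A preflight check for the three set-up steps above, as an added example that is not part of the TMon code base. It assumes Python 3's `configparser` (the README lists the Python 2 `ConfigParser` module) and uses only the names the README gives: `config.cfg`, `config-dist.cfg`, the `geolocation` section and its `filepath` value; `check_setup` is a hypothetical helper name.

```python
import configparser
import os
import sys

GZIP_MAGIC = b"\x1f\x8b"  # first bytes of an archive that was downloaded but never extracted


def check_setup(config_path="config.cfg"):
    """Return a list of set-up problems; an empty list means all three steps are done."""
    if not os.path.isfile(config_path):
        # Step 2 skipped: the distributed template has not been renamed yet.
        dist = os.path.join(os.path.dirname(config_path), "config-dist.cfg")
        hint = " (config-dist.cfg is present: rename it)" if os.path.isfile(dist) else ""
        return ["%s not found%s" % (config_path, hint)]

    # interpolation=None so that a '%' in a file path is not treated as a template.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(config_path)
    except configparser.Error as exc:
        return ["%s is not a valid config file: %s" % (config_path, exc)]

    # has_option() is False when either the section or the key is missing.
    if not parser.has_option("geolocation", "filepath"):
        return ["no 'filepath' option under [geolocation] in %s" % config_path]

    raw = parser.get("geolocation", "filepath").strip().strip("\"'")
    if not raw:
        return ["[geolocation] filepath is empty"]
    geoip = os.path.expanduser(raw)
    if not os.path.isfile(geoip):
        return ["[geolocation] filepath points to a missing file: %s" % geoip]

    # Step 1 half done: the database was downloaded but not extracted.
    with open(geoip, "rb") as handle:
        head = handle.read(2)
    if head == b"":
        return ["%s is empty" % geoip]
    if head == GZIP_MAGIC:
        return ["%s is still gzip-compressed; extract it first" % geoip]
    return []


if __name__ == "__main__":
    issues = check_setup(sys.argv[1] if len(sys.argv) > 1 else "config.cfg")
    for issue in issues:
        print("[-] " + issue)
    sys.exit(1 if issues else 0)
```

A relative `filepath` is resolved against the current working directory, so run the check from the directory you start `tmon.py` in.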

Options

-h, --help         show this help message and exit
--interval SEC     Update interval. Use this to override the value in the
                   configurations
--flush-log        Flush log on start
--debug            Enable debug mode
--max-ports #      Max number of ports to display
--max-ips #        Max number of sources to display
--max-countries #  Max number of countries to display
--status-only      Only display current threat status

Usage

usage: tmon.py [-h] [--interval SEC] [--flush-log] [--debug] [--max-ports #]
               [--max-ips #] [--max-countries #] [--status-only]

Change log

2018-12-08

[+] Fixed a bug with ljust on int

2016-01-28

[+] Fixed bugs
[+] Added new command line options

2015-03-16

[+] Initial release