A Python application that checks the reputation of IP addresses using multiple data sources and security databases.
- Multi-source reputation checking: Uses ipinfo.io for basic IP information
- Behavioral analysis: Analyzes IP characteristics (private, public, multicast, etc.)
- Multiple output formats: Human-readable or JSON output
- Command-line interface: Easy to use with optional IP parameter
- Extensible: Ready for integration with additional reputation services
- Clone or download the project
- Create a virtual environment:
python -m venv venv
- Activate the virtual environment:
# On Windows: .\venv\Scripts\Activate.ps1 # On macOS/Linux: source venv/bin/activate
- Install dependencies:
pip install -r requirements.txt
Check the default IP address (8.8.8.8):
python ip_reputation_checker.pyCheck a specific IP address:
python ip_reputation_checker.py 1.1.1.1
python ip_reputation_checker.py 192.168.1.1python ip_reputation_checker.py --helpip: IP address to check (optional, defaults to 8.8.8.8)--json: Output results in JSON format instead of human-readable format
# Check Google's DNS server
python ip_reputation_checker.py 8.8.8.8
# Check Cloudflare's DNS server with JSON output
python ip_reputation_checker.py 1.1.1.1 --json
# Check a private IP address
python ip_reputation_checker.py 192.168.1.1The tool provides:
- IP Location & Basic Info: Geographic location, organization, timezone
- Reputation Checks: Results from various security databases
- Behavioral Analysis: Risk assessment based on IP characteristics
- Summary: Overall risk level assessment
🔍 Checking reputation for IP: 8.8.8.8
==================================================
📍 Getting IP location and basic info...
🛡️ Checking against reputation databases...
🔬 Analyzing IP behavior patterns...
📊 REPUTATION REPORT FOR 8.8.8.8
⏰ Checked at: 2026-01-27T20:34:20.713962
============================================================
🌍 IP LOCATION & BASIC INFO:
• Ip: 8.8.8.8
• Hostname: dns.google
• City: Mountain View
• Region: California
• Country: US
• Loc: 37.4056,-122.0775
• Org: AS15169 Google LLC
• Postal: 94043
• Timezone: America/Los_Angeles
• Anycast: True
🛡️ REPUTATION CHECKS:
[Results from various security services]
🔬 BEHAVIORAL ANALYSIS:
• Risk Level: Unknown
• No specific risk factors identified
📋 SUMMARY:
❓ Risk level could not be determined
For comprehensive reputation checking, the tool supports integration with:
- AbuseIPDB: Community-driven IP blacklist database
- VirusTotal: Multi-engine malware and reputation scanner
- IPQualityScore: Advanced IP reputation and fraud detection
- AbuseIPDB: Sign up at https://www.abuseipdb.com/ (free tier: 1,000 requests/day)
- VirusTotal: Sign up at https://www.virustotal.com/ (free tier: 4 requests/minute)
- IPQualityScore: Sign up at https://www.ipqualityscore.com/ (free tier: 5,000 requests/month)
To add API keys, modify the ip_reputation_checker.py file:
# In the check_abuseipdb method:
headers = {
'Accept': 'application/json',
'Key': 'YOUR_ACTUAL_API_KEY_HERE' # Replace with your API key
}requests: HTTP library for API callsipinfo: IP information lookup serviceipaddress: Built-in Python library for IP address validation
- IP Validation: Validates IP address format
- Error Handling: Graceful handling of API failures
- Rate Limiting: Built-in timeouts to avoid overwhelming services
- Multiple Output Formats: Human-readable and JSON output
- Extensible Architecture: Easy to add new reputation sources
- The tool makes outbound HTTP requests to check IP reputation
- API keys should be stored securely (environment variables recommended)
- Rate limiting should be implemented for production use
- Results should be cached to avoid repeated API calls
To add new reputation sources:
- Add a new method following the pattern
check_[servicename] - Update the
check_ip_reputationmethod to call the new service - Update this README with information about the new service
This project is provided as-is for educational and security research purposes.