--- Starting Threat Intel Scan ---
[*] Loaded 3 IP addresses to scan.
Checking 192.168.1.5 ... [SAFE] Score: 0/90 | ISP: Google LLC | Country: US
Checking 185.72.1.1 ... [MALICIOUS] Score: 18/90 | ISP: BadActor Net | Country: RU
Checking 8.8.8.8 ... [SAFE] Score: 0/90 | ISP: Google LLC | Country: US
[*] Scan complete. Report saved to: my_report.csv
In a Security Operations Center (SOC), analysts often encounter hundreds of suspicious IP addresses daily. Manually checking each IP against reputation databases like VirusTotal is time-consuming and prone to human error. I wanted to reduce the "Time to Triage" by automating this lookup process while ensuring the tool was robust enough to handle API limitations.
I developed a Python CLI tool that uses argparse for command-line arguments and the requests library to query the VirusTotal v3 API. It parses the JSON response to extract the key metrics (malicious score, ISP, country) and handles API rate limiting automatically.
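The following is an added example of how such a lookup can be structured; it is not the author's tool or code from the project. It assumes the VirusTotal v3 `GET /api/v3/ip_addresses/{ip}` endpoint with the `x-apikey` header, reads the verdict counts from `last_analysis_stats`, treats an HTTP 429 as a quota hit and waits for the `Retry-After` header (falling back to 60 s, an assumption based on the free tier's 4 requests/minute), and uses `as_owner` as the ISP field. The sample response, the fake HTTP responses and the 60-second fallback are constructed for offline testing; `simulate_rate_limited_lookup` drives the retry path without touching the network.

```python
"""Bulk VirusTotal v3 IP triage: lookup, parse, rate-limit handling, CSV report."""
import argparse
import csv
import time
from typing import Any, Callable, Dict, List

VT_URL = "https://www.virustotal.com/api/v3/ip_addresses/{ip}"
FIELDS = ["ip", "verdict", "malicious", "total", "isp", "country"]

# Constructed sample of a VT v3 /ip_addresses object; the values are made up.
SAMPLE_RESPONSE: Dict[str, Any] = {
    "data": {
        "id": "185.72.1.1",
        "type": "ip_address",
        "attributes": {
            "as_owner": "BadActor Net",
            "country": "RU",
            "last_analysis_stats": {
                "harmless": 60, "malicious": 18, "suspicious": 2,
                "undetected": 10, "timeout": 0,
            },
        },
    },
}


def _http_get(url: str, headers: Dict[str, str], timeout: int):
    # The real tool uses requests; imported lazily so the offline simulation
    # below runs even where requests is not installed.
    import requests
    return requests.get(url, headers=headers, timeout=timeout)


def parse_ip_report(payload: Dict[str, Any]) -> Dict[str, Any]:
    """Reduce a VT v3 ip_addresses object to the fields the triage report needs."""
    attrs = payload["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    malicious = int(stats.get("malicious", 0))
    # Denominator = engines that returned a verdict; timeouts excluded (assumption).
    total = sum(int(stats.get(k, 0))
                for k in ("harmless", "malicious", "suspicious", "undetected"))
    return {
        "ip": payload["data"]["id"],
        "verdict": "MALICIOUS" if malicious > 0 else "SAFE",
        "malicious": malicious,
        "total": total,
        "isp": attrs.get("as_owner", "unknown"),
        "country": attrs.get("country", "unknown"),
    }


def fetch_ip_report(ip: str, api_key: str, get: Callable = _http_get,
                    sleep: Callable = time.sleep, max_retries: int = 3) -> Dict[str, Any]:
    """Query VT for one IP; on HTTP 429 honour Retry-After (default 60 s) and retry."""
    for _ in range(max_retries + 1):
        resp = get(VT_URL.format(ip=ip), headers={"x-apikey": api_key}, timeout=30)
        if resp.status_code == 429:
            sleep(int(resp.headers.get("Retry-After", 60)))  # quota window fallback
            continue
        resp.raise_for_status()  # surfaces 401 (bad key), 404 (unknown IP), 5xx
        return parse_ip_report(resp.json())
    raise RuntimeError(f"still rate-limited after {max_retries} retries: {ip}")


def write_report(rows: List[Dict[str, Any]], path: str) -> None:
    """Persist the per-IP verdicts as CSV for hand-off to the next analyst."""
    with open(path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=FIELDS)
        writer.writeheader()
        writer.writerows(rows)


class _FakeResponse:
    """Minimal stand-in for requests.Response used by the offline simulation."""
    def __init__(self, status: int, payload=None, headers=None):
        self.status_code, self._payload, self.headers = status, payload, headers or {}

    def json(self):
        return self._payload

    def raise_for_status(self):
        if self.status_code >= 400:
            raise RuntimeError(f"HTTP {self.status_code}")


def simulate_rate_limited_lookup():
    """Exercise the retry path: a constructed 429 (Retry-After 15) then a 200."""
    responses = [_FakeResponse(429, headers={"Retry-After": "15"}),
                 _FakeResponse(200, payload=SAMPLE_RESPONSE)]
    sleeps: List[int] = []
    report = fetch_ip_report("185.72.1.1", "DUMMY-KEY",
                             get=lambda *a, **k: responses.pop(0), sleep=sleeps.append)
    return report, sleeps


def main(argv=None) -> None:
    p = argparse.ArgumentParser(description="Bulk VirusTotal IP reputation lookup")
    p.add_argument("ip_file", help="text file with one IP address per line")
    p.add_argument("--api-key", required=True)
    p.add_argument("--output", default="report.csv")
    args = p.parse_args(argv)
    with open(args.ip_file) as fh:
        ips = [line.strip() for line in fh if line.strip()]
    rows = [fetch_ip_report(ip, args.api_key) for ip in ips]
    for r in rows:
        print(f"Checking {r['ip']} ... [{r['verdict']}] Score: {r['malicious']}/{r['total']} "
              f"| ISP: {r['isp']} | Country: {r['country']}")
    write_report(rows, args.output)


if __name__ == "__main__":
    main()
```

Injecting `get` and `sleep` keeps the rate-limit handling testable without a live key; in production the defaults call `requests.get` and `time.sleep`. Note that a 429 is the only status retried here: authentication failures and unknown IPs are raised immediately rather than burning quota on retries.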
Technical Features:
colorama library for the colored output shown above.

Interested in the source code?