Go tool that loads malicious IPs and ranges 🌍 from FireHOL blocklists into a Neo4j database. Use it to identify threats and enhance your network's security posture! 🚀

by2waysprojects/ip-malicious-db

Malicious IP Database with Neo4j

ip-malicious-db is a Go service designed to load and manage malicious IPs and IP ranges by country. The service retrieves IP data from GitHub, specifically the FireHOL IP blocklists, and stores it in a Neo4j database as nodes with the fields id (IP address) and country (ISO 3166-1 alpha-2 country code).

🚀 Features

  • 🗂️ Fetches and stores malicious IPs and IP ranges categorized by country.
  • 🌐 Retrieves data from the FireHOL blocklist IPsets.
  • 🛢️ Persists the data in a Neo4j database for advanced querying and integration.
  • 📦 Provides a REST endpoint to load data into the database.

πŸ› οΈ Installation

  1. Clone the repository:

    git clone https://github.com/your-username/ip-malicious-db.git
    cd ip-malicious-db
  2. Set up Neo4j:

    • Install Neo4j: Neo4j Installation Guide
    • Start the Neo4j database:
      neo4j start
    • Configure the database credentials in your environment:
      export NEO4J_URI="bolt://localhost:7687"
      export NEO4J_USER="neo4j"
      export NEO4J_PASSWORD="your_password"
  3. Build the service:

    go build -o ip-malicious-db ./cmd
  4. Run the service:

    ./ip-malicious-db

🔧 Usage

The service exposes a REST endpoint to fetch and load malicious IPs into the database.

Endpoint: /save-malicious-ip

Method: POST

Description:

Fetches malicious IP data for all countries from GitHub and stores it in Neo4j.

Example Request:

curl -X POST http://localhost:8080/save-malicious-ip

Data Storage in Neo4j

  • Nodes:
    • IP nodes:
      • Fields:
        • id: Represents the IP address or IP range (primary key).
        • country: Represents the ISO 3166-1 alpha-2 code of the country.

There are no relationships between the nodes.

📚 Example Cypher Queries

List All Malicious IPs

MATCH (ip:IP)
RETURN ip.id

List All Malicious IPs for a Specific Country

MATCH (ip:IP {country: "us"})
RETURN ip.id
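
Because `id` can hold a range as well as a single address, an equality match on `id` will not find an address that lies inside a stored range. The following is an added example, not part of this project's code, that does the containment check in Go over `id` values exported from the database; the sample list and the names `parseIDs` and `matchID` are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed sample in FireHOL list style (documentation address ranges).
const sample = "# constructed sample\n192.0.2.10\n198.51.100.0/24\n"

// parseIDs turns id values (IPs or CIDR ranges) into prefixes; blank and '#' lines are skipped.
func parseIDs(list string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, line := range strings.Split(list, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if !strings.Contains(line, "/") { // single address: treat as /32 or /128
			a, err := netip.ParseAddr(line)
			if err != nil {
				return nil, fmt.Errorf("bad address %q: %w", line, err)
			}
			line = netip.PrefixFrom(a, a.BitLen()).String()
		}
		p, err := netip.ParsePrefix(line)
		if err != nil {
			return nil, fmt.Errorf("bad range %q: %w", line, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

// matchID returns the covering entry in prefix form, or "" if no entry covers ip.
func matchID(ids []netip.Prefix, ip string) string {
	a, _ := netip.ParseAddr(ip) // on error a is the zero Addr, which no prefix contains
	for _, p := range ids {
		if p.Contains(a.Unmap()) { // Unmap so ::ffff:a.b.c.d matches IPv4 entries
			return p.String()
		}
	}
	return ""
}

func main() {
	ids, err := parseIDs(sample)
	fmt.Println(matchID(ids, "198.51.100.77"), matchID(ids, "192.0.2.11") == "", err)
}
```

The scan is linear per lookup; for full blocklists, sort the prefixes or use a prefix trie.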

🌍 How It Works

  1. Fetch Data:
  2. Store in Neo4j:
    • Creates IP nodes for each malicious IP or range, with the fields:
      • id: IP address.
      • country: Country code.

📚 Future Features

  • 🌐 Additional REST API endpoints for querying malicious IPs.
  • 📊 Analytics and visualization for malicious IP trends.
  • 🛡️ Integration with real-time threat detection tools.

🤝 Contributions

Contributions are welcome! Please fork the repository, create a feature branch, and submit a pull request.

πŸ›‘οΈ License

This project is licensed under the Apache License. See the LICENSE file for details.

🌟 Acknowledgments

Special thanks to the FireHOL project for providing the data that powers this service and to the Neo4j community for their database technology.
