abuseipdb

package module
v1.0.3 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 23, 2022 License: MIT Imports: 14 Imported by: 1

README

abuseipdb

Package abuseipdb provides a wrapper for the AbuseIPDB API.

Installation

go get -u go.xela.tech/abuseipdb

Documentation

Overview

Package abuseipdb provides a wrapper for the AbuseIPDB API.

An explanation of the project can be found here: https://www.abuseipdb.com/

Documentation for the API can be found here: https://docs.abuseipdb.com/

Constants

This section is empty.

Variables

var NoBlacklistLimit = 9999999

NoBlacklistLimit is a very high number used to retrieve the full blacklist. See: https://docs.abuseipdb.com/#blacklist-ip-truncation

Functions

This section is empty.

Types

type BlacklistOption

type BlacklistOption func(*blacklistConfig)

BlacklistOption sets an optional parameter for calls to the Blacklist endpoint.

func ConfidenceMinimum

func ConfidenceMinimum(score int) BlacklistOption

ConfidenceMinimum returns a BlacklistOption that sets the lowest abuse confidence score to be included in the response. This feature is only available to subscribers, and as such all free users should leave this value as -1. The confidence minimum can be set anywhere between 25 and 100. The default value is 100.

func Limit

func Limit(count int) BlacklistOption

Limit returns a BlacklistOption that sets the number of IPs to return. The minimum value for the limit is 1, and the maximum value for standard users is 10,000. As a subscriber, this value is unlimited. The limit is set to 10,000 by default.

type BlacklistResponse

type BlacklistResponse struct {
	Meta struct {
		GeneratedAt time.Time `json:"generatedAt"`
	} `json:"meta"`
	Data []struct {
		IPAddress            string    `json:"ipAddress"`
		AbuseConfidenceScore int       `json:"abuseConfidenceScore"`
		LastReportedAt       time.Time `json:"lastReportedAt"`
	} `json:"data"`
}

BlacklistResponse represents the AbuseIPDB API response for the most reported IP addresses.
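
Feed hygiene before a blacklist reaches a firewall, as an added example that is not part of this package or its documentation: every entry is parsed, IPv4-mapped IPv6 is unwrapped, private, loopback and link-local addresses and duplicates are dropped, and an operator allowlist overrides the feed. The struct is a local mirror of the field above; `blockSet`, `sampleFeed` and `sampleAllow` are hypothetical names with constructed data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Local mirror of the BlacklistResponse field used below; JSON tag copied from this page.
type blacklistResponse struct {
	Data []struct {
		IPAddress string `json:"ipAddress"`
	} `json:"data"`
}

// Constructed sample input: a feed with private, duplicate and malformed entries, and an operator allowlist.
const sampleFeed = `{"data":[
{"ipAddress":"203.0.113.9","abuseConfidenceScore":100},{"ipAddress":"10.0.0.5","abuseConfidenceScore":100},{"ipAddress":"198.51.100.4","abuseConfidenceScore":100},
{"ipAddress":"203.0.113.9","abuseConfidenceScore":100},{"ipAddress":"192.0.2.300","abuseConfidenceScore":100},{"ipAddress":"::ffff:192.168.1.1","abuseConfidenceScore":100}]}`
var sampleAllow = []netip.Prefix{netip.MustParsePrefix("198.51.100.0/24")}

// blockSet (hypothetical helper) returns the feed entries that are safe to hand to a firewall.
func blockSet(body []byte, neverBlock []netip.Prefix) ([]string, error) {
	var r blacklistResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, fmt.Errorf("decode blacklist: %w", err)
	}
	var out []string
	seen := map[netip.Addr]bool{}
next:
	for _, e := range r.Data {
		a, err := netip.ParseAddr(e.IPAddress)
		a = a.Unmap() // treat ::ffff:a.b.c.d as the IPv4 address it carries
		if err != nil || seen[a] || a.IsPrivate() || a.IsLoopback() || a.IsLinkLocalUnicast() {
			continue // malformed, duplicate, or not globally routable
		}
		for _, p := range neverBlock {
			if p.Contains(a) {
				continue next // the operator's allowlist wins over the feed
			}
		}
		seen[a] = true
		out = append(out, a.String())
	}
	return out, nil
}

func main() {
	fmt.Println(blockSet([]byte(sampleFeed), sampleAllow))
}
```
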

type BulkReportResponse

type BulkReportResponse struct {
	Data struct {
		SavedReports   int `json:"savedReports"`
		InvalidReports []struct {
			Error     string `json:"error"`
			Input     string `json:"input"`
			RowNumber int    `json:"rowNumber"`
		} `json:"invalidReports"`
	} `json:"data"`
}

BulkReportResponse represents the AbuseIPDB API response when multiple IP addresses are reported for abuse in CSV format.

type Category

type Category int

Category represents an AbuseIPDB abuse category. See: https://www.abuseipdb.com/categories

const (
	// CategoryDNSCompromise includes abuse which involves altering DNS records resulting in improper redirection.
	CategoryDNSCompromise Category = iota + 1
	// CategoryDNSPoisoning includes abuse which involves falsifying domain server cache (cache poisoning).
	CategoryDNSPoisoning
	// CategoryFraudOrders includes abuse which involves making fraudulent purchases/orders online.
	CategoryFraudOrders
	// CategoryDDoSAttack includes abuse involving participating in distributed denial-of-service (usually as part of a botnet).
	CategoryDDoSAttack
	// CategoryFTPBruteForce includes abuse involving brute-force credential attacks against FTP servers.
	CategoryFTPBruteForce
	// CategoryPingOfDeath includes abuse involving sending oversized IP packets.
	CategoryPingOfDeath
	// CategoryPhishing includes abuse involving phishing websites or emails.
	CategoryPhishing
	// CategoryFraudVOIP includes abuse involving spam/scam calls from VoIP numbers.
	CategoryFraudVOIP
	// CategoryOpenProxy describes IPs acting as open proxies, relays or Tor exit nodes.
	CategoryOpenProxy
	// CategoryWebSpam includes abuse involving comment/forum spam, HTTP referer spam or other CMS-related spam.
	CategoryWebSpam
	// CategoryEmailSpam includes abuse involving spam email content, infected attachments and phishing.
	CategoryEmailSpam
	// CategoryBlogSpam includes abuse involving comment spam on CMS blogs.
	CategoryBlogSpam
	// CategoryVPNIP is a conjunctive category for VPN servers.
	CategoryVPNIP
	// CategoryPortScan includes abuse involving scanning the internet for open ports/vulnerable devices.
	CategoryPortScan
	// CategoryHacking includes abuse involving all types of unauthorised system access.
	// This should be used in combination with other categories.
	CategoryHacking
	// CategorySQLInjection includes abuse involving any form of SQL injection attempt.
	CategorySQLInjection
	// CategorySpoofing includes abuse involving spoofing email sender information.
	CategorySpoofing
	// CategoryBruteForce includes abuse involving brute-force credential attacks on a variety of protocols.
	// Examples include SSH, FTP, SMTP, RDP as well as webpage logins.
	CategoryBruteForce
	// CategoryBadWebBot includes abuse involving website scraping which doesn't honour robots.txt.
	// Excessive requests and spoofed user agents can also be reported under this category.
	CategoryBadWebBot
	// CategoryExploitedHost includes abuse in which the host is likely infected with malware,
	// and is being used for other attacks/hosting malicious content.
	CategoryExploitedHost
	// CategoryWebAppAttack includes abuse involving attempts to probe/exploit web applications.
	// Examples include CMSs such as WordPress, Drupal, phpMyAdmin, etc.
	CategoryWebAppAttack
	// CategorySSH includes abuse of Secure Shell (SSH).
	// Use this category in combination with more specific categories.
	CategorySSH
	// CategoryIoTTargeted includes abuse targeting IoT devices.
	// Include information about device type in report comments.
	CategoryIoTTargeted
)

A list of the categories supported by the AbuseIPDB API.

func (Category) String

func (i Category) String() string

type CheckBlockResponse

type CheckBlockResponse struct {
	Data struct {
		NetworkAddress   string `json:"networkAddress"`
		Netmask          string `json:"netmask"`
		MinAddress       string `json:"minAddress"`
		MaxAddress       string `json:"maxAddress"`
		NumPossibleHosts int    `json:"numPossibleHosts"`
		AddressSpaceDesc string `json:"addressSpaceDesc"`
		ReportedAddress  []struct {
			IPAddress            string    `json:"ipAddress"`
			NumReports           int       `json:"numReports"`
			MostRecentReport     time.Time `json:"mostRecentReport"`
			AbuseConfidenceScore int       `json:"abuseConfidenceScore"`
			CountryCode          string    `json:"countryCode"`
		} `json:"reportedAddress"`
	} `json:"data"`
}

CheckBlockResponse represents the AbuseIPDB API response for a specific subnet/netblock that has been checked.

type CheckOption

type CheckOption func(*checkConfig)

CheckOption sets an optional parameter for calls to the Check and CheckBlock endpoints.

func MaxAgeInDays

func MaxAgeInDays(days int) CheckOption

MaxAgeInDays returns a CheckOption that sets the maximum age of reports to fetch when checking an IP address. The default value is 30 days, and can be any value between 1 and 365. For the CheckBlock endpoint, a subscription is required to use a value for maxAgeInDays that is greater than 30. Basic subscribers can use up to 60, and Premium subscribers can use up to 365.

func Verbose

func Verbose(enabled bool) CheckOption

Verbose returns a CheckOption that sets the verbose request parameter. If verbose is enabled, the country name and reports are included in the response for an IP address. This option is enabled by default.

type CheckResponse

type CheckResponse struct {
	Data struct {
		IPAddress            string    `json:"ipAddress"`
		IsPublic             bool      `json:"isPublic"`
		IPVersion            int       `json:"ipVersion"`
		IsWhitelisted        bool      `json:"isWhitelisted"`
		AbuseConfidenceScore int       `json:"abuseConfidenceScore"`
		CountryCode          string    `json:"countryCode"`
		CountryName          string    `json:"countryName"`
		UsageType            string    `json:"usageType"`
		ISP                  string    `json:"isp"`
		Domain               string    `json:"domain"`
		Hostnames            []string  `json:"hostnames"`
		TotalReports         int       `json:"totalReports"`
		NumDistinctUsers     int       `json:"numDistinctUsers"`
		LastReportedAt       time.Time `json:"lastReportedAt"`
		Reports              []Report  `json:"reports"`
	} `json:"data"`
}

CheckResponse represents the AbuseIPDB API response for a specific IP that has been checked.
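
A triage step over a decoded CheckResponse, as an added example that is not part of this package or its documentation: it blocks only when the confidence score and at least two distinct reporters inside a time window agree, and never blocks non-public or whitelisted addresses. The struct is a local mirror of the fields above (the reports are present only when the verbose option is enabled); `triage`, its thresholds and the sample body are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Local mirror of the CheckResponse fields used below; JSON tags copied from this page.
type checkResponse struct {
	Data struct {
		IsPublic             bool `json:"isPublic"`
		IsWhitelisted        bool `json:"isWhitelisted"`
		AbuseConfidenceScore int  `json:"abuseConfidenceScore"`
		Reports              []struct {
			ReportedAt time.Time `json:"reportedAt"`
			ReporterID int       `json:"reporterId"`
		} `json:"reports"`
	} `json:"data"`
}

// Constructed sample body (not real API output).
const sampleCheck = `{"data":{"isPublic":true,"isWhitelisted":false,"abuseConfidenceScore":87,"reports":[
{"reportedAt":"2022-08-20T10:00:00+00:00","reporterId":1},{"reportedAt":"2022-08-21T11:30:00+00:00","reporterId":2},
{"reportedAt":"2022-05-01T09:00:00+00:00","reporterId":1}]}}`

// triage (hypothetical helper): a stale report or a single reporter is not enough to block.
func triage(body []byte, minScore int, window time.Duration, now time.Time) (bool, string, error) {
	var r checkResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return false, "", fmt.Errorf("decode check response: %w", err)
	}
	recent := map[int]bool{} // distinct reporter IDs inside the window
	for _, rep := range r.Data.Reports {
		if now.Sub(rep.ReportedAt) <= window {
			recent[rep.ReporterID] = true
		}
	}
	if !r.Data.IsPublic || r.Data.IsWhitelisted {
		return false, "non-public or whitelisted address", nil
	}
	if r.Data.AbuseConfidenceScore < minScore || len(recent) < 2 {
		return false, "score or recent reporter count below threshold", nil
	}
	return true, "score and recent independent reports agree", nil
}

func main() {
	fmt.Println(triage([]byte(sampleCheck), 75, 30*24*time.Hour, time.Date(2022, 8, 23, 0, 0, 0, 0, time.UTC)))
}
```
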

type Client

type Client struct {
	APIKey string
	// contains filtered or unexported fields
}

Client is used to make requests to the AbuseIPDB API. Use NewClient to initialise a new client.

func NewClient

func NewClient(apiKey string) *Client

NewClient initialises a new client for making requests.

func (*Client) Blacklist

func (c *Client) Blacklist(options ...BlacklistOption) (*BlacklistResponse, error)

Blacklist will return a list of the most reported IP addresses.

func (*Client) BulkReport

func (c *Client) BulkReport(filePath string) (*BulkReportResponse, error)

BulkReport takes a CSV file containing multiple IPs to report in one go.

func (*Client) Check

func (c *Client) Check(ipAddress string, options ...CheckOption) (*CheckResponse, error)

Check will return the stored information about the IP provided (either v4 or v6).

func (*Client) CheckBlock

func (c *Client) CheckBlock(subnet string, options ...CheckOption) (*CheckBlockResponse, error)

CheckBlock will return the stored information about the subnet (either v4 or v6) provided, denoted with CIDR notation. The maximum size of subnets you can check is based on plan tier. Free users are limited to /24 and smaller, Basic plan users are limited to /20 and smaller, and Premium plan users are limited to /16 and smaller.

func (*Client) Report

func (c *Client) Report(ip string, categories []Category, options ...ReportOption) (*ReportResponse, error)

Report will submit a report for the IP provided.

type ErrorResponse

type ErrorResponse struct {
	Errors []struct {
		Detail string `json:"detail"`
	} `json:"errors"`
}

type Report

type Report struct {
	ReportedAt          time.Time `json:"reportedAt"`
	Comment             string    `json:"comment"`
	Categories          []int     `json:"categories"`
	ReporterID          int       `json:"reporterId"`
	ReporterCountryCode string    `json:"reporterCountryCode"`
	ReporterCountryName string    `json:"reporterCountryName"`
}

Report represents the AbuseIPDB object for a report made about an IP address by a user.

type ReportOption

type ReportOption func(*reportConfig)

ReportOption sets an optional parameter for calls to the Report endpoint.

func Comment

func Comment(content string) ReportOption

Comment returns a ReportOption that sets the comment for a report. This field should be used for any additional information to be included with the report, including server logs, timestamps, packet samples, etc.

type ReportResponse

type ReportResponse struct {
	Data struct {
		IpAddress            string `json:"ipAddress"`
		AbuseConfidenceScore int    `json:"abuseConfidenceScore"`
	} `json:"data"`
}

ReportResponse represents the AbuseIPDB API response when an IP address has been reported for abuse.

type RequestError

type RequestError struct {
	StatusCode int
	Details    []string
	Raw        string
}

RequestError represents a response from the AbuseIPDB API when a request fails.

func (RequestError) Error

func (e RequestError) Error() string

type RequestOptions

type RequestOptions struct {
	Params  map[string]string
	Headers map[string]string
	Body    []byte
}

RequestOptions stores additional options used when making requests to the AbuseIPDB API, such as query string parameters, additional headers and the request body.
