vivekyadav389/IP-Threat-Analyzer
# IP Threat Analyzer & Intelligence Suite 🛡️
A comprehensive cybersecurity intelligence tool that scans and analyzes IP addresses for malicious indicators, security threats, and network reputations. This project provides both a **CLI Python Utility** and an **Interactive Web Dashboard** featuring live integrations with **VirusTotal** and **AbuseIPDB** APIs.
## 🌟 Features
### 🖥️ 1. Interactive Web Dashboard
* **Modern Cyberpunk UI:** Custom dark theme featuring glassmorphism, responsive grids, and conically rotating scanning radar animations.
* **Dual Telemetry Modes:**
  * *Demo Mode (Offline):* Preloaded with Wireshark-captured telemetry and persistent dynamic fallback generators for arbitrary IPs.
  * *Live Feed Mode:* Sends requests to AbuseIPDB and VirusTotal directly from the browser. API keys are saved locally in the browser's `localStorage`, which is unencrypted and readable by any script running on the same origin.
* **Active Metrics Visualizer:** Animated circular score gauges showing Abuse Confidence Scores and VirusTotal engine detection progress bars.
* **Audit Scan Ledger:** Persistent history tables detailing geographic location (country), ISPs, hosting domains, usage categories, and direct "Re-Scan" capabilities.
### 🐍 2. CLI Python Scanner
* Highly performant command-line script that checks ranges of IPs while respecting API rate limits.
* Color-coded threat labeling (**Safe** in Green, **Suspicious** in Yellow, **Malicious** in Red).
* Tabulated reports displaying reputation confidence, ISP allocation, and VirusTotal hits.
* Generates a persistent `ip_report.json` report containing complete scan logs.
## 📦 Project Architecture
```
├── index.html             # Main web dashboard interface
├── styles.css             # Cyber-themed CSS styles & animations
├── app.js                 # Interactive state, gauges, & API fetches
├── ip_threat_checker.py   # CLI Python Scanner utility
└── README.md              # Project documentation
```
## 🚀 Getting Started
### Method A: Running the Web Dashboard (Local)
Simply double-click `index.html` to open it in your browser, or spin up a lightweight local server:
```bash
# Serve the directory locally
python3 -m http.server 8080
```
Open your browser to `http://localhost:8080`.
### Method B: Running the Python CLI Scanner
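1. **Install dependencies:**
   ```bash
   pip install requests tabulate colorama
   ```
2. **Run in Demo Mode (Simulated APIs - No keys needed):**
   ```bash
   python3 ip_threat_checker.py --mode demo
   ```
3. **Run in Real Mode (Requires API Credentials):**
   ```bash
   python3 ip_threat_checker.py --mode real --vt-key YOUR_VIRUSTOTAL_KEY --abuse-key YOUR_ABUSEIPDB_KEY
   ```
   Keys passed as command-line arguments are recorded in shell history and are visible in the process list while the scan runs.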
## 🛡️ Threat Rules Hierarchy
Reputation classification follows standard cybersecurity rating thresholds:
* 🔴 **MALICIOUS:** AbuseIPDB Confidence Score $\ge 50$ OR VirusTotal engine alerts $\ge 6$
* 🟡 **SUSPICIOUS:** AbuseIPDB Confidence Score between $15$ and $49$ OR VirusTotal engine alerts between $2$ and $5$
* 🟢 **SAFE:** AbuseIPDB Confidence Score $< 15$ AND VirusTotal engine alerts $\le 1$
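
The rules above, as an added Python example (not code from `ip_threat_checker.py`), applied most severe first and extended to the case where one lookup fails. Assumptions: the `UNKNOWN` label and the function names are this example's own, "engine alerts" is read as the `malicious` count in VirusTotal's `last_analysis_stats`, and the sample responses are constructed.

```python
from typing import Optional

# Thresholds from the "Threat Rules Hierarchy" list above.
MALICIOUS_ABUSE, MALICIOUS_VT = 50, 6
SUSPICIOUS_ABUSE, SUSPICIOUS_VT = 15, 2

def classify(abuse: Optional[int], vt_hits: Optional[int]) -> str:
    """Apply the rules most severe first; None means that source gave no answer."""
    if abuse is not None and not 0 <= abuse <= 100:
        raise ValueError(f"abuse score out of range: {abuse}")
    if vt_hits is not None and vt_hits < 0:
        raise ValueError(f"negative VirusTotal count: {vt_hits}")
    a, v = abuse or 0, vt_hits or 0
    # MALICIOUS and SUSPICIOUS are OR rules: one source is enough to raise them.
    if a >= MALICIOUS_ABUSE or v >= MALICIOUS_VT:
        return "MALICIOUS"
    if a >= SUSPICIOUS_ABUSE or v >= SUSPICIOUS_VT:
        return "SUSPICIOUS"
    # SAFE is an AND rule, so it needs both sources; a failed lookup must not
    # become a clean verdict. "UNKNOWN" is this example's label (assumption).
    if abuse is None or vt_hits is None:
        return "UNKNOWN"
    return "SAFE"

def extract(abuse_json: Optional[dict], vt_json: Optional[dict]):
    """Read the two inputs from AbuseIPDB v2 and VirusTotal v3 style responses."""
    abuse = (abuse_json or {}).get("data", {}).get("abuseConfidenceScore")
    stats = (vt_json or {}).get("data", {}).get("attributes", {}).get("last_analysis_stats")
    # Assumption: "engine alerts" means the number of engines voting "malicious".
    return abuse, (stats.get("malicious", 0) if stats is not None else None)

# Constructed sample responses for documentation-range IPs (not real lookups).
def _abuse(score: int) -> dict:
    return {"data": {"abuseConfidenceScore": score}}
def _vt(hits: int) -> dict:
    return {"data": {"attributes": {"last_analysis_stats": {"malicious": hits}}}}
SAMPLES = {
    "192.0.2.10": (_abuse(3), _vt(1)),
    "198.51.100.7": (_abuse(22), _vt(0)),
    "203.0.113.5": (None, _vt(9)),      # AbuseIPDB lookup failed
    "203.0.113.9": (_abuse(0), None),   # VirusTotal lookup failed
}

def run_samples() -> dict:
    return {ip: classify(*extract(a, v)) for ip, (a, v) in SAMPLES.items()}

if __name__ == "__main__":
    for ip, verdict in run_samples().items():
        print(f"{ip:15} {verdict}")
```
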
## 👤 Author
* **Ayush** - Cybersecurity Capstone Project