abuse insights


Abuse INSIGHTS

Extract the usernames that a compromised host tried in brute-force attempts, as recorded in Abuse IP DB reporter comments.


Installation

  • Python 2.7 required
  • Abuse IP DB API Key necessary
  • Clone the repository and run the script: git clone https://github.com/west-wind/abuse-insights.git, then cd abuse-insights; python abuse-insights.py

Intended Use

Obtain insights about the usernames attempted in a brute-force attack launched from a compromised host. The generated list of usernames gives insight into the type of adversary that compromised your host.


Getting Started

  • Input Abuse IP DB API key into configuration file abuseIPDB_API.conf
  • Run script: cd abuse-insights; python abuse-insights.py
  • Enter target IP address
  • Output will be saved to a CSV file if available username data is found in reporter comments within the past 90 days.

Reporting Errors

  • Create an issue on GitHub if you encounter an error. The script currently uses three regular expressions to extract username information from reporter comments. If additional types of comments need to be extracted, please create an issue.
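
Example of this kind of extraction, added here and not the project's own code: it runs three assumed regular expressions for OpenSSH auth-log lines over constructed reporter comments, counts the usernames, and renders CSV text. The patterns, sample comments and function names are assumptions, and it is written for Python 3 rather than the script's Python 2.7.

```python
import csv
import io
import re
from collections import Counter

# Assumed OpenSSH auth-log patterns; the project's own three regexes are not on this page.
USERNAME_PATTERNS = [
    re.compile(r"Failed password for invalid user (\S+) from"),
    re.compile(r"Failed password for (?!invalid user )(\S+) from"),
    re.compile(r"Invalid user (\S+) from"),
]

# Constructed reporter comments (documentation-range IP), not real report data.
SAMPLE_COMMENTS = [
    "Mar  3 10:01:12 srv sshd[811]: Invalid user oracle from 203.0.113.7 port 40022",
    "sshd[811]: Failed password for invalid user oracle from 203.0.113.7 port 40022 ssh2",
    "sshd[902]: Failed password for root from 203.0.113.7 port 51514 ssh2",
    "Failed password for invalid user admin from 203.0.113.7\nFailed password for root from 203.0.113.7",
    "sshd[77]: Invalid user =1+1 from 203.0.113.7",
    "Port scan detected on 22/tcp",  # no username: contributes nothing
]

def extract_usernames(comments):
    """Count usernames, taking at most one per log line of each comment."""
    counts = Counter()
    for comment in comments:
        for line in comment.splitlines():
            for pattern in USERNAME_PATTERNS:
                match = pattern.search(line)
                if match:
                    counts[match.group(1)] += 1
                    break
    return counts

def csv_safe(value):
    """Usernames are attacker-chosen: neutralise spreadsheet formula prefixes."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def to_csv(counts):
    """Render counts as CSV text, most-attempted username first."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["username", "attempts"])
    for name, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        writer.writerow([csv_safe(name), n])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(extract_usernames(SAMPLE_COMMENTS)))
```

Because the extracted usernames are chosen by the attacking host, the CSV step prefixes any value that a spreadsheet would evaluate as a formula.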

Built With

  • Python
  • Abuse IP DB API (API Documentation available)

Authors

Alex John, B. (@Praetorian_GRD)


License

MIT License. See the LICENSE.md file for details.




