checkip
Sometimes I come across an IP address, for example when reviewing logs. And I'd like to find out more about this numerical label. Checkip is CLI tool and Go library that provides generic and security information about IP addresses in a quick way.
$ checkip 91.228.166.47
--- 91.228.166.47 ---
db-ip.com Petržalka, Slovakia
dns name skh1-webredir01-v.eset.com
iptoasn.com ESET-AS
is on AWS false
ping 100% packet loss (5/0), avg round-trip 0 ms
shodan.io OS: n/a, open: tcp/80 (nginx), tcp/443 (nginx), vulns: n/a
tls TLS 1.3, exp. 2024/01/02, www.eset.com, eset.com
malicious 0% (0/7) ✅$ checkip -j 34.250.182.30 | jq '.checks[] | select(.malicious == true)'
{
"name": "shodan.io",
"type": 2,
"malicious": true,
"info": {
"org": "Amazon Data Services Ireland Limited",
"data": [
{
"product": "lighttpd",
"version": "1.4.53",
"port": 80,
"transport": "tcp"
},
{
"product": "AWS ELB",
"version": "2.0",
"port": 443,
"transport": "tcp"
}
],
"os": "",
"ports": [
80,
443
],
"vulns": [
"CVE-2022-22707",
"CVE-2019-11072"
]
}
}See Wiki for more usage examples.
Installation
To install the CLI tool
# optional; to install inside a container
docker run --rm -it golang /bin/bash
go install github.com/jreisinger/checkip/cmd/checkip@latest
or download a release binary (from under "Assets") for your system and architecture.
Configuration
For some checks to start working you need to register and get an API (LICENSE) key. See the service web site for how to do that. An absent key is not reported as an error, the check is simply ignored.
Store the keys in $HOME/.checkip.yaml file:
ABUSEIPDB_API_KEY: aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffff11111111222222223333333344444444
MAXMIND_LICENSE_KEY: abcdef1234567890
SHODAN_API_KEY: aaaabbbbccccddddeeeeffff11112222
URLSCAN_API_KEY: abcd1234-a123-4567-678z-a2b3c4b5d6e7
VIRUSTOTAL_API_KEY: aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffff1111111122222222
You can also use environment variables with the same names.
Data used by some checks are downloaded (cached) to $HOME/.checkip/ folder. They are periodically re-downloaded so they are fresh.
Development
Checkip is easy to extend. If you want to add a new way of checking IP addresses:
- Write a function of type Check.
- Add the new check to
check.Allvariable - Optional: consider adding the new check to
check.Defaultvariable.
Typical workflow:
make run # test, install and run
git commit -m "backwards compatible bug fix" main.go
git tag | sort -V | tail -1
git tag -a v0.16.1 -m "patch" # will build a new release on GitHub when pushed
git push --follow-tags