Extracts IP addresses from access logs (such as Nginx logs) and visualizes where the requests came from.
A heat map analysis lets you visualize reconnaissance threats.
The exported CSV file can serve as intelligence: for example, review the IP addresses in it and add them to a firewall.
-
Tested with Python 3.9.4.
-
Install the requirements with the pip package manager:
$ cd ipcheck
$ python3 -m pip install -r requirements.txt
$ python3 src/main.py -h
usage: main.py [-h] [-b] -f F

optional arguments:
  -h, --help  show this help message and exit
  -b          batch mode
  -f F        file name to parse
-
Pass the log file to analyze with the -f option:
$ python3 src/main.py -f <accesslog>
-
Export the access token obtained from ipinfo.io as an environment variable:
$ export access_token=xxxxxxxxxxxxxx
-
Pass the log file to analyze with the -f option and add -b:
$ python3 src/main.py -f <accesslog> -b
Open the generated heatmap.html in your browser.
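
The extraction and CSV export described at the top of this README can be sketched as follows. This is an added example, not the code in src/main.py: the function names, the CSV columns, the internal-range list and the sample log lines are assumptions, and the ipinfo.io lookup and heat map are left out so it runs offline.

```python
import csv
import io
import ipaddress
import re

# Constructed sample in Nginx "combined" format (documentation-range addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2021:06:25:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.7 - - [10/May/2021:06:25:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/7.68.0"
198.51.100.23 - - [10/May/2021:06:26:10 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
10.0.0.5 - - [10/May/2021:06:27:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "kube-probe/1.20"
not-an-ip - - [10/May/2021:06:28:00 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
2001:db8::1 - - [10/May/2021:06:29:00 +0000] "GET /admin HTTP/1.1" 403 153 "-" "-"
"""

# Assumed list of ranges that cannot be geolocated or firewalled usefully.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def count_sources(log_text):
    """Map each external client IP (first log field) to [requests, 4xx count]."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage in the address field
        if any(ip in net for net in INTERNAL_NETS):
            continue  # probes, proxies and other internal traffic
        row = stats.setdefault(str(ip), [0, 0])
        row[0] += 1
        row[1] += m.group(2).startswith("4")
    return stats

def to_csv(stats):
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["ip", "requests", "client_errors"])
    ranked = sorted(stats.items(), key=lambda kv: (-kv[1][0], kv[0]))
    w.writerows([ip, *row] for ip, row in ranked)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(count_sources(SAMPLE_LOG)), end="")
```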