
I'm trying to write a program that can scan IPs against OSINT databases, but I keep running into TypeError. I'm not sure where to go from here

So, someone started this project and it fell on my lap so I could fix it.

This is my first attempt at coding outside of school, so I'm not very experienced or good. Apologies if the solution was something obvious.

Basically this program is supposed to do a few things.

  1. Accept one or more inputs of IP addresses
  2. Scan the databases written into it
  3. Return each database that flags the IP as malicious
  4. Return any database that has an error related to the API key.
  5. Return the location of the IP as reported by AbuseIPDB (but I haven't even started that yet).

Right now, this is the error I'm getting.

 Traceback (most recent call last):

  File "script.py", line 119, in <module>

    is_malicious, flagged_databases = check_ip_reputation(ip)

TypeError: cannot unpack non-iterable bool object

I have no idea how to correct that. I've rewritten a few lines to fix other errors but something new always comes up.

This is the code. One thing to note is that two of the databases are missing API keys, but those should return an error as mentioned above.

'''

 import requests
    
def check_ip_reputation(ip_address):
    """Check one IP address against AbuseIPDB, VirusTotal, MXtoolbox and Talos.

    NOTE(review): the return type is inconsistent. Every request-failure
    branch and the MXtoolbox section return a single bool, while the last
    statement returns a (count, list) pair. The MXtoolbox section returns on
    every path that does not raise, so the Talos section and the final return
    are never reached. The caller unpacks two names from the result, which is
    what raises "TypeError: cannot unpack non-iterable bool object".
    """
    # Set up a list to store the names of the databases that flag the IP as malicious
    flagged_databases = []

    # Set up the parameters for the AbuseIPDB request
    # NOTE(review): the API key is a literal in the source, so it is published
    # with every copy of this file. A key that has been shared this way should
    # be revoked and replaced, then loaded from the environment or a secrets
    # store instead of the code.
    params = {
        'key': 'db327100238564236c6e25fe412ed23d80cfecab28691b0e672bd2a0798156250de5473bc648d255',
        'ipAddress': ip_address
    }

    # Make the request to AbuseIPDB
    # No timeout is passed, so requests.get() can wait indefinitely on a stalled connection.
    try:
        response = requests.get('https://api.abuseipdb.com/api/v2/check', params=params)
    except requests.exceptions.RequestException as e:
        # NOTE(review): the text of a requests exception can include the full
        # request URL; here the key travels in the query string, so printing
        # the exception can put the key in console output or logs.
        print(f'Error making request to AbuseIPDB: {e}')
        # Returns a bare bool; the caller expects two values.
        return False

    # Extract the "abuseConfidenceScore" field from the response
    # The HTTP status is never checked: an error body without a 'data' key
    # raises KeyError here, and a non-JSON body raises ValueError.
    abuse_score = response.json()['data']['abuseConfidenceScore']

    # Set a threshold for the AbuseIPDB score
    abuse_threshold = 50

    # Check if the abuse score is above the threshold
    if abuse_score >= abuse_threshold:
        flagged_databases.append('AbuseIPDB')

    # Set up the parameters for the VirusTotal request
    # NOTE(review): second hard-coded API key; same handling as the one above.
    params = {
        'apikey': '7f21d9a126b73adf22ea100f883e38496f44412933a27cf1740858f3568be5e4',
        'ip': ip_address
    }

    # Make the request to VirusTotal
    try:
        response = requests.get('https://www.virustotal.com/vtapi/v2/ip-address/report', params=params)
    except requests.exceptions.RequestException as e:
        print(f'Error making request to VirusTotal: {e}')
        # Returns a bare bool and discards any AbuseIPDB result collected above.
        return False

    # Extract the "response_code" field from the response
    response_code = response.json()['response_code']

    # Check if the response code indicates that the IP is listed
    # NOTE(review): in VirusTotal's v2 API a response_code of 1 reports that a
    # record exists for the item, not that it was judged malicious - confirm
    # against the API documentation before treating this as a verdict.
    if response_code == 1:
        flagged_databases.append('VirusTotal')

    # Set up the parameters for the MXtoolbox request
    # 'API_KEY' is a placeholder; nothing below detects that and reports it as a key error.
    params = {
        'key': 'API_KEY',
        'ip': ip_address
    }

    # Make the request to MXtoolbox
    # ip_address comes straight from user input and is concatenated into the
    # URL path without being validated as an IP address.
    try:
        response = requests.get('https://mxtoolbox.com/api/v1/lookup/blacklist/' + ip_address, params=params)
    except requests.exceptions.RequestException as e:
        print(f'Error making request to MXtoolbox: {e}')
        return False

    # Try to extract the "blacklist" field from the response
    try:
        blacklist = response.json()['blacklist']
    except TypeError:
        # If the response is a string, then the IP is not blacklisted
        # NOTE(review): presumably a string body could also be an error
        # message (for example a rejected key) - verify before reading it as clean.
        return False

    # Check if the IP is listed in any of the blacklists
    is_blacklisted = len(blacklist) > 0

    # Return the result
    # Unconditional return of a single bool: it ignores flagged_databases and
    # makes everything below this line in the function unreachable.
    return is_blacklisted

    # Set up the parameters for the Talos request
    params = {
        'key': 'API_KEY',
        'ip': ip_address
    }

    # Make the request to Talos
    try:
        response = requests.get('https://talosintelligence.com/documents/ip-blacklist', params=params)
    except requests.exceptions.RequestException as e:
        print(f'Error making request to Talos: {e}')
        return False

    # Check if the response code indicates that the IP is listed
    # NOTE(review): HTTP 200 only shows that the document was served; as
    # written, every address is recorded as flagged whenever the request succeeds.
    if response.status_code == 200:
        flagged_databases.append('Talos Intelligence')

    ##############################################################################

    # Combine the results from all four databases
    # is_malicious holds the number of flagging databases (0 when there are none).
    if(len(flagged_databases) > 0):
        is_malicious = len(flagged_databases)

    else:
        is_malicious = 0

    # Return the result
    # The only return whose shape matches the caller's two-name unpacking.
    return is_malicious, flagged_databases;

##############################################################################

# Prompt the user for a list of IP addresses
ip_addresses_str = input("Enter a list of IP addresses separated by commas: ")

# Split the input string into a list of IP addresses
ip_addresses = ip_addresses_str.split(',')

# Strip any leading or trailing whitespace from the IP addresses
# Entries are not validated as IP addresses and empty entries are kept.
ip_addresses = [ip.strip() for ip in ip_addresses]

# Check the reputation of each IP address
for ip in ip_addresses:
    # Fails with TypeError whenever check_ip_reputation() returns a bare bool.
    is_malicious, flagged_databases = check_ip_reputation(ip)
    if is_malicious:
        print(f'{ip} has been flagged as malicious by the following databases: {", ".join(flagged_databases)}')
    else:
        print(f'{ip} has not been flagged as malicious by any of the OSINT databases.')

'''

Any help would be so, so appreciated.

Listed above, but I did try changing it so it could read strings and dictionary.

Here are some suggestions for making the code more robust.

I noticed that you were returning from the function in a few places, with different semantics for the result:

  1. Errors were being returned as just a boolean
  2. In one of the checks, you were returning just a boolean rather than adding to the flagged databases
  3. You had a return statement that matched the calling code, but you would not reach it because of the above return statements

The calling code expected a boolean and a list, but it would only ever get a boolean, which is why you got the error.

When you are querying multiple sources, and presuming you want to return all the information that is available rather than give up with one error, it may be good to put results from all of them into a data structure and then return what you have, including the errors. Let the calling code decide whether having errors is a problem since some of the results may be useful.

import ipaddress
import os

import requests
    
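def check_ip_reputation(ip_address):
    """Check one IP address against several reputation sources.

    Each source is handled independently: a missing key, a failed request or
    an unreadable response is recorded as an error for that source only, and
    the response of one source is never evaluated on behalf of another.

    API keys are read from the environment instead of being stored in the
    file. The variable names are chosen here and can be renamed to suit the
    deployment: ABUSEIPDB_API_KEY, VIRUSTOTAL_API_KEY, MXTOOLBOX_API_KEY,
    TALOS_API_KEY.

    Args:
        ip_address: An IPv4 or IPv6 address in text form.

    Returns:
        A tuple ``(is_malicious, databaseResults)``. ``is_malicious`` is True
        when at least one source flagged the address. ``databaseResults`` is a
        dict with the lists 'Errors', 'ReportingMalicious' and
        'ReportingClean' (source names), plus 'ErrorDetails', which maps each
        source in 'Errors' to a short reason.

    Raises:
        ValueError: If ``ip_address`` is not a valid IP address.
    """
    # Validate and normalise before use: the value goes into query strings
    # and, for MXtoolbox, directly into the URL path.
    ip_address = str(ipaddress.ip_address(str(ip_address).strip()))

    databaseResults = {
        'Errors': [],
        'ErrorDetails': {},
        'ReportingMalicious': [],
        'ReportingClean': [],
    }
    request_timeout = 10  # seconds; without it requests.get() can wait indefinitely

    def record_error(source, reason):
        """Note that no verdict could be obtained from this source."""
        databaseResults['Errors'].append(source)
        databaseResults['ErrorDetails'][source] = reason

    def record_verdict(source, flagged):
        """File the source under malicious or clean."""
        bucket = 'ReportingMalicious' if flagged else 'ReportingClean'
        databaseResults[bucket].append(source)

    def api_key_for(source, variable):
        """Return the key from the environment, or record an error and return None."""
        api_key = os.environ.get(variable)
        if not api_key:
            record_error(source, f'API key not configured (set {variable})')
            return None
        return api_key

    def fetch(source, url, **request_args):
        """Return the response, or record an error and return None."""
        try:
            response = requests.get(url, timeout=request_timeout, **request_args)
        except requests.exceptions.RequestException as e:
            # Record only the exception class: the message text can contain
            # the request URL, including a key sent as a query parameter.
            record_error(source, f'request failed ({type(e).__name__})')
            return None
        if response.status_code in (401, 403):
            record_error(source, f'API key rejected (HTTP {response.status_code})')
            return None
        if response.status_code >= 400:
            record_error(source, f'HTTP {response.status_code}')
            return None
        return response

    # --- AbuseIPDB ---------------------------------------------------------
    source = 'AbuseIPDB'
    abuse_threshold = 50
    api_key = api_key_for(source, 'ABUSEIPDB_API_KEY')
    if api_key is not None:
        # The key is sent in the 'Key' header so that it does not appear in
        # the URL.
        response = fetch(
            source,
            'https://api.abuseipdb.com/api/v2/check',
            headers={'Key': api_key, 'Accept': 'application/json'},
            params={'ipAddress': ip_address},
        )
        # Compare with None explicitly: a Response object is falsy for
        # error statuses.
        if response is not None:
            try:
                flagged = response.json()['data']['abuseConfidenceScore'] >= abuse_threshold
            except (ValueError, KeyError, TypeError):
                record_error(source, 'unexpected response format')
            else:
                record_verdict(source, flagged)

    # --- VirusTotal --------------------------------------------------------
    source = 'VirusTotal'
    api_key = api_key_for(source, 'VIRUSTOTAL_API_KEY')
    if api_key is not None:
        response = fetch(
            source,
            'https://www.virustotal.com/vtapi/v2/ip-address/report',
            params={'apikey': api_key, 'ip': ip_address},
        )
        if response is not None:
            try:
                response_code = response.json()['response_code']
            except (ValueError, KeyError, TypeError):
                record_error(source, 'unexpected response format')
            else:
                # NOTE(review): in the v2 API a response_code of 1 reports
                # that a record exists, not that the address was judged
                # malicious - confirm against the API documentation and
                # inspect the detection fields before relying on this.
                record_verdict(source, response_code == 1)

    # --- MXtoolbox ---------------------------------------------------------
    source = 'MXtoolbox'
    api_key = api_key_for(source, 'MXTOOLBOX_API_KEY')
    if api_key is not None:
        response = fetch(
            source,
            'https://mxtoolbox.com/api/v1/lookup/blacklist/' + ip_address,
            params={'key': api_key, 'ip': ip_address},
        )
        if response is not None:
            try:
                is_blacklisted = len(response.json()['blacklist']) > 0
            except TypeError:
                # Kept from the original logic: a body that is not a mapping
                # is read as "not blacklisted".
                # NOTE(review): presumably such a body could also be an error
                # message - verify against the service's documentation.
                record_verdict(source, False)
            except (ValueError, KeyError):
                record_error(source, 'unexpected response format')
            else:
                record_verdict(source, is_blacklisted)

    # --- Talos Intelligence ------------------------------------------------
    source = 'TalosIntelligence'
    api_key = api_key_for(source, 'TALOS_API_KEY')
    if api_key is not None:
        response = fetch(
            source,
            'https://talosintelligence.com/documents/ip-blacklist',
            params={'key': api_key, 'ip': ip_address},
        )
        if response is not None:
            # NOTE(review): HTTP 200 only shows that the document was served,
            # so this records every address as flagged whenever the request
            # succeeds. Replace it with a check on the response content once
            # the format of this document is confirmed.
            record_verdict(source, response.status_code == 200)

    # Combine the results from all four databases
    is_malicious = len(databaseResults['ReportingMalicious']) > 0

    return is_malicious, databaseResults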
    
##############################################################################
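# Prompt the user for a list of IP addresses
ip_addresses_str = input("Enter a list of IP addresses separated by commas: ")

# Split on commas, trim whitespace, and drop empty entries (for example the
# one produced by a trailing comma)
ip_addresses = [ip.strip() for ip in ip_addresses_str.split(',') if ip.strip()]

# Check the reputation of each IP address
for ip in ip_addresses:
    # Only well-formed IPv4/IPv6 addresses are passed on; the value ends up
    # in request URLs, so anything else is reported and skipped.
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        # repr() keeps control characters in the input out of the terminal.
        print(f'{ip!r} is not a valid IP address; skipping.')
        continue

    is_malicious, flagged_databases = check_ip_reputation(ip)
    if is_malicious:
        print(f'{ip} has been flagged as malicious by the following databases: '
              + ", ".join(flagged_databases['ReportingMalicious']))
    elif flagged_databases['ReportingClean']:
        print(f'{ip} has not been flagged as malicious by any of the OSINT databases.')
    else:
        # No source returned a verdict, so a "not flagged" message would
        # overstate what is known about the address.
        print(f'{ip} could not be checked against any of the OSINT databases.')

    # Sources that failed (bad or missing API key, network error, unreadable
    # response) are listed separately from the verdicts.
    if flagged_databases['Errors']:
        print(f'{ip}: no result from the following databases: '
              + ", ".join(flagged_databases['Errors']))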
