[英]I'm trying to write a program that can scan IPs against OSINT databases, but I keep running into TypeError. I'm not sure where to go from here
所以,有人开始了这个项目,它落在了我的腿上,所以我可以修复它。
这是我第一次尝试在校外编码,所以我不是很有经验,也不擅长。 如果解决方案很明显,我们深表歉意。
基本上这个程序应该做一些事情。
现在,这是我遇到的错误。
Traceback (most recent call last):
File "script.py", line 119, in <module>
is_malicious, flagged_databases = check_ip_reputation(ip)
TypeError: cannot unpack non-iterable bool object
我不知道如何纠正。 我已经重写了几行以修复其他错误,但总会出现一些新问题。
这是代码。 需要注意的是,两个数据库缺少 API。 但是那些应该返回如上所述的错误。
'''
import requests
def check_ip_reputation(ip_address):
# Set up a list to store the names of the databases that flag the IP as malicious
flagged_databases = []
# Set up the parameters for the AbuseIPDB request
params = {
'key': 'db327100238564236c6e25fe412ed23d80cfecab28691b0e672bd2a0798156250de5473bc648d255',
'ipAddress': ip_address
}
# Make the request to AbuseIPDB
try:
response = requests.get('https://api.abuseipdb.com/api/v2/check', params=params)
except requests.exceptions.RequestException as e:
print(f'Error making request to AbuseIPDB: {e}')
return False
# Extract the "abuseConfidenceScore" field from the response
abuse_score = response.json()['data']['abuseConfidenceScore']
# Set a threshold for the AbuseIPDB score
abuse_threshold = 50
# Check if the abuse score is above the threshold
if abuse_score >= abuse_threshold:
flagged_databases.append('AbuseIPDB')
# Set up the parameters for the VirusTotal request
params = {
'apikey': '7f21d9a126b73adf22ea100f883e38496f44412933a27cf1740858f3568be5e4',
'ip': ip_address
}
# Make the request to VirusTotal
try:
response = requests.get('https://www.virustotal.com/vtapi/v2/ip-address/report', params=params)
except requests.exceptions.RequestException as e:
print(f'Error making request to VirusTotal: {e}')
return False
# Extract the "response_code" field from the response
response_code = response.json()['response_code']
# Check if the response code indicates that the IP is listed
if response_code == 1:
flagged_databases.append('VirusTotal')
# Set up the parameters for the MXtoolbox request
params = {
'key': 'API_KEY',
'ip': ip_address
}
# Make the request to MXtoolbox
try:
response = requests.get('https://mxtoolbox.com/api/v1/lookup/blacklist/' + ip_address, params=params)
except requests.exceptions.RequestException as e:
print(f'Error making request to MXtoolbox: {e}')
return False
# Try to extract the "blacklist" field from the response
try:
blacklist = response.json()['blacklist']
except TypeError:
# If the response is a string, then the IP is not blacklisted
return False
# Check if the IP is listed in any of the blacklists
is_blacklisted = len(blacklist) > 0
# Return the result
return is_blacklisted
# Set up the parameters for the Talos request
params = {
'key': 'API_KEY',
'ip': ip_address
}
# Make the request to Talos
try:
response = requests.get('https://talosintelligence.com/documents/ip-blacklist', params=params)
except requests.exceptions.RequestException as e:
print(f'Error making request to Talos: {e}')
return False
# Check if the response code indicates that the IP is listed
if response.status_code == 200:
flagged_databases.append('Talos Intelligence')
##############################################################################
# Combine the results from all four databases
if(len(flagged_databases) > 0):
is_malicious = len(flagged_databases)
else:
is_malicious = 0
# Return the result
return is_malicious, flagged_databases;
##############################################################################
# Prompt the user for a list of IP addresses
ip_addresses_str = input("Enter a list of IP addresses separated by commas: ")
# Split the input string into a list of IP addresses
ip_addresses = ip_addresses_str.split(',')
# Strip any leading or trailing whitespace from the IP addresses
ip_addresses = [ip.strip() for ip in ip_addresses]
# Check the reputation of each IP address
for ip in ip_addresses:
is_malicious, flagged_databases = check_ip_reputation(ip)
if is_malicious:
print(f'{ip} has been flagged as malicious by the following databases: {", ".join(flagged_databases)}')
else:
print(f'{ip} has not been flagged as malicious by any of the OSINT databases.')
'''
任何帮助都会如此,非常感谢。
上面列出,但我确实尝试更改它以便它可以读取字符串和字典。
这里有一些使代码更健壮的建议。
我注意到您在几个地方从 function 返回,结果语义不同:
调用代码需要一个 boolean 和一个列表,但它只会得到一个 boolean,这就是你得到错误的原因。
当您查询多个来源,并假设您想要返回所有可用的信息而不是因为一个错误而放弃时,最好将所有这些来源的结果放入一个数据结构中,然后返回您拥有的信息,包括错误。 让调用代码决定错误是否是一个问题,因为某些结果可能有用。
import requests
def check_ip_reputation(ip_address):
# Set up a list to store the names of the databases that flag the IP as malicious
databaseResults = {'Errors': [], 'ReportingMalicious': [], 'ReportingClean': []}
# Set up the parameters for the AbuseIPDB request
params = {
'key': 'db327100238564236c6e25fe412ed23d80cfecab28691b0e672bd2a0798156250de5473bc648d255',
'ipAddress': ip_address
}
# Make the request to AbuseIPDB
try:
response = requests.get('https://api.abuseipdb.com/api/v2/check', params=params)
except requests.exceptions.RequestException as e:
databaseResults['Errors'].append('AbuseIPDB')
# Extract the "abuseConfidenceScore" field from the response
abuse_score = response.json()['data']['abuseConfidenceScore']
# Set a threshold for the AbuseIPDB score
abuse_threshold = 50
# Check if the abuse score is above the threshold
if abuse_score >= abuse_threshold:
databaseResults['ReportingMalicious'].append('AbuseIPDB')
else:
databaseResults['ReportingClean'].append('AbuseIPDB')
# Set up the parameters for the VirusTotal request
params = {
'apikey': '7f21d9a126b73adf22ea100f883e38496f44412933a27cf1740858f3568be5e4',
'ip': ip_address
}
# Make the request to VirusTotal
try:
response = requests.get('https://www.virustotal.com/vtapi/v2/ip-address/report', params=params)
except requests.exceptions.RequestException as e:
databaseResults['Errors'].append('VirusTotal')
# Extract the "response_code" field from the response
response_code = response.json()['response_code']
# Check if the response code indicates that the IP is listed
if response_code == 1:
databaseResults['ReportingMalicious'].append('VirusTotal')
else:
databaseResults['ReportingClean'].append('VirusTotal')
# Set up the parameters for the MXtoolbox request
params = {
'key': 'API_KEY',
'ip': ip_address
}
# Make the request to MXtoolbox
try:
response = requests.get('https://mxtoolbox.com/api/v1/lookup/blacklist/' + ip_address, params=params)
except requests.exceptions.RequestException as e:
databaseResults['Errors'].append('MXtoolbox')
# Try to extract the "blacklist" field from the response
try:
blacklist = response.json()['blacklist']
is_blacklisted = len(blacklist) > 0
except TypeError:
is_blacklisted = False
# Return the result
if is_blacklisted:
databaseResults['ReportingMalicious'].append('MXtoolbox')
else:
databaseResults['ReportingClean'].append('MXtoolbox')
# Set up the parameters for the Talos request
params = {
'key': 'API_KEY',
'ip': ip_address
}
# Make the request to Talos
try:
response = requests.get('https://talosintelligence.com/documents/ip-blacklist', params=params)
except requests.exceptions.RequestException as e:
databaseResults['Errors'].append('TalosIntelligence')
# Check if the response code indicates that the IP is listed
if response.status_code == 200:
databaseResults['ReportingMalicious'].append('TalosIntelligence')
else:
databaseResults['ReportingClean'].append('TalosIntelligence')
##############################################################################
# Combine the results from all four databases
is_malicious = len(databaseResults['ReportingMalicious']) > 0
# Return the result
return is_malicious, databaseResults;
##############################################################################
# Prompt the user for a list of IP addresses
ip_addresses_str = input("Enter a list of IP addresses separated by commas: ")
# Split the input string into a list of IP addresses
ip_addresses = ip_addresses_str.split(',')
# Strip any leading or trailing whitespace from the IP addresses
ip_addresses = [ip.strip() for ip in ip_addresses]
# Check the reputation of each IP address
for ip in ip_addresses:
is_malicious, flagged_databases = check_ip_reputation(ip)
if is_malicious:
print(f'{ip} has been flagged as malicious by the following databases: ' + ", ".join([db for db in flagged_databases['ReportingMalicious']]) + '}')
else:
print(f'{ip} has not been flagged as malicious by any of the OSINT databases.')
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.