Generate a CSV file containing possibly malicious IP addresses using FireHOL's blocklist IP sets.

ecstatic-nobel/Firehol-Sweep

[Firehol Sweep]

Description

Simply put, this gathers a list of possibly malicious IP addresses from the datasets that FireHOL publishes on GitHub. The list can be used in Splunk to sweep your environment or to set up alerts when matching traffic is detected.

Prerequisites

  • Bash
  • Curl
  • Git

Setup

Open a terminal and run the following commands:

git clone https://github.com/ecstatic-nobel/Firehol-Sweep.git
cd Firehol-Sweep

If you want to change the source of the IP sets:

Create the Lookup Table

To run the script, run the following command from the project directory:

bash create_lookup.sh CLONEDIR OUTPUTFILE

The CLONEDIR is the directory where you want to clone the FireHOL blocklist-ipsets project. The OUTPUTFILE is the path to the new lookup table that will be generated. A sample lookup table can be found here.
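
To show the kind of transformation involved, here is an added example that is not the project's create_lookup.sh: it turns a directory of FireHOL-style set files into a CSV, rejecting malformed entries. The function name `ipsets_to_csv`, the `ip,source` column names and the sample file names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the project's create_lookup.sh.
# Assumptions: CSV columns "ip,source"; sets are *.ipset / *.netset files with
# "#" comments and one IPv4 address or CIDR range per line.

# ipsets_to_csv SETDIR OUTFILE
ipsets_to_csv() {
    local setdir="$1" outfile="$2" f
    printf 'ip,source\n' > "$outfile"
    for f in "$setdir"/*.ipset "$setdir"/*.netset; do
        [ -f "$f" ] || continue   # the glob matched nothing
        # Strip comments and whitespace, keep only well-formed IPv4 or
        # IPv4/prefix entries, and tag each one with the set it came from.
        awk -v src="$(basename "$f")" '
            { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
            $0 == "" { next }
            {
                n = split($0, p, "/")
                if (n > 2) next
                if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] > 32)) next
                if (split(p[1], o, ".") != 4) next
                for (i = 1; i <= 4; i++)
                    if (o[i] !~ /^[0-9]+$/ || o[i] > 255) next
                print $0 "," src
            }' "$f"
    done | LC_ALL=C sort -u >> "$outfile"   # one row per (entry, set) pair
}

# Constructed sample input using documentation address ranges, not real
# indicators. Malformed lines are included to show that they are dropped.
demo() {
    local d
    d=$(mktemp -d)
    printf '# sample header\n198.51.100.7\n198.51.100.7\n999.1.1.1\n\n' > "$d/sample_a.ipset"
    printf '# sample header\n203.0.113.0/24\n192.0.2.0/33\nnot-an-ip\n' > "$d/sample_b.netset"
    ipsets_to_csv "$d" "$d/lookup.csv"
    cat "$d/lookup.csv"
    rm -rf "$d"
}
demo
```

Because the output mixes single addresses and CIDR ranges, a Splunk lookup definition over it needs CIDR matching on the `ip` field (`match_type = CIDR(ip)` in transforms.conf) for ranges to match event addresses.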

Destroy

To remove the project completely, run the following commands:

rm -rf Firehol-Sweep
