Get comprehensive data on IP addresses. Learn where they are located (lat/long, country, city, time zone), whether they are flagged as malicious (by AbuseIPDB, VirusTotal, IPVoid, etc.), which ports are open and what services are running (via Shodan), and network diagnostics (ping, traceroute).
- Modern Configuration: TOML-based config with Pydantic validation
- VirusTotal API v3: Latest API with enhanced threat intelligence
- Embedded Categories: Self-contained AbuseIPDB category mapping
- Python 3.11+ Features: Match/case syntax, union types, type safety
- Performance Boost: No file I/O for category lookups
- Environment Variables: Configuration via `KNOW_YOUR_IP_*` variables
Requirements: Python 3.11+

```bash
pip install know_your_ip
```

```bash
# Analyze single IP
know_your_ip 8.8.8.8
# Analyze from file
know_your_ip --file input.csv --config config.toml
```

```python
from know_your_ip import KnowYourIPConfig, query_ip

# Load configuration
config = KnowYourIPConfig()
config.virustotal.enabled = True
config.virustotal.api_key = "your_api_key"

# Analyze IP
result = query_ip(config, "8.8.8.8")
print(result['virustotal.reputation'])  # 530
```

Create `know_your_ip.toml` (see `examples/know_your_ip.toml` for full example):

```toml
[maxmind]
enabled = true
db_path = "./db"

[abuseipdb]
enabled = true
api_key = "your_api_key_here"
days = 90

[virustotal]
enabled = true
api_key = "your_api_key_here"

[output]
columns = [
    "ip",
    "maxmind.country.names.en",
    "virustotal.reputation",
    "abuseipdb.categories"
]
```

```bash
export KNOW_YOUR_IP_VIRUSTOTAL_API_KEY="your_key"
export KNOW_YOUR_IP_VIRUSTOTAL_ENABLED=true
export KNOW_YOUR_IP_ABUSEIPDB_API_KEY="your_key"
```

```python
from know_your_ip import KnowYourIPConfig

config = KnowYourIPConfig()
config.virustotal.api_key = "your_api_key"
config.abuseipdb.enabled = True
config.abuseipdb.days = 30
```

| Service | Features | API Required |
|---|---|---|
| MaxMind | Geolocation, ASN, ISP | Free database |
| VirusTotal | Threat reputation, categories | ✅ Free/Paid |
| AbuseIPDB | Abuse reports, categories | ✅ Free/Paid |
| Shodan | Open ports, services | ✅ Paid |
| Censys | Internet scanning data | ✅ Free/Paid |
| IPVoid | Blacklist status | Web scraping |
| GeoNames | Timezone data | ✅ Free |
| Ping/Traceroute | Network diagnostics | System tools |
- VirusTotal - 500 requests/day, 4/min free
- AbuseIPDB - 1,000 requests/day free
- Shodan - Paid service ($69+/month)
- Censys - 250 requests/month free
- GeoNames - 10,000 requests/day, 1,000/hour free

```python
import pandas as pd
from know_your_ip import load_config, query_ip

# Load IPs from CSV
df = pd.read_csv('ips.csv')

# Load configuration
config = load_config()

# Analyze all IPs
results = df['ip'].apply(lambda ip: pd.Series(query_ip(config, ip)))
results.to_csv('analysis.csv', index=False)
```

```python
from know_your_ip import load_config, maxmind_geocode_ip, virustotal_api

# Load configuration
config = load_config()

# Get only geolocation
location = maxmind_geocode_ip(config, "8.8.8.8")
print(f"Country: {location['maxmind.country.names.en']}")

# Get only threat intelligence
threat_data = virustotal_api(config, "8.8.8.8")
print(f"Malicious detections: {threat_data['virustotal.malicious']}")
```

```bash
# Process large files with concurrency
know_your_ip --file large_ips.csv --max-conn 10 --config config.toml
# Process specific range
know_your_ip --file ips.csv --from 100 --to 200
```

- `query_ip(config, ip)` - Complete IP analysis
- `load_config(path)` - Load configuration from file
- `maxmind_geocode_ip(config, ip)` - Geolocation data
- `virustotal_api(config, ip)` - VirusTotal threat intel
- `abuseipdb_api(config, ip)` - Abuse reports
- `shodan_api(config, ip)` - Port/service data
- `ping(config, ip)` - Network latency
- `traceroute(config, ip)` - Network path

- `KnowYourIPConfig` - Main configuration
- `MaxMindConfig` - Geolocation settings
- `VirusTotalConfig` - Threat intel settings
- `AbuseIPDBConfig` - Abuse data settings
- `OutputConfig` - Output column configuration
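
Before a CSV column of addresses goes through `query_ip`, it is worth dropping private, loopback, link-local and malformed entries and duplicates: each one costs a request against the service quotas and sends internal addressing to third parties for no useful answer. This is an added example, not part of know_your_ip; `public_targets` is a hypothetical helper and the sample list is constructed.

```python
import ipaddress

def public_targets(raw_values):
    """Split raw CSV cells into (targets, skipped).

    targets: unique, globally routable IPs in first-seen order (canonical form).
    skipped: (text, reason) for every value that was dropped.
    """
    targets, skipped, seen = [], [], set()
    for raw in raw_values:
        text = str(raw).strip()
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            skipped.append((text, "not an IP address"))
            continue
        # Private, loopback, link-local, reserved and multicast ranges have no
        # meaningful external reputation data and should stay in-house.
        if not addr.is_global or addr.is_multicast:
            skipped.append((text, "not globally routable"))
            continue
        canon = str(addr)  # compresses IPv6 so equal addresses compare equal
        if canon in seen:
            skipped.append((text, "duplicate"))
            continue
        seen.add(canon)
        targets.append(canon)
    return targets, skipped

# Constructed sample standing in for the df['ip'] column of ips.csv.
SAMPLE = [
    "8.8.8.8", " 8.8.8.8 ", "10.0.0.5", "192.168.1.1", "127.0.0.1",
    "2001:4860:4860::8888", "2001:4860:4860:0:0:0:0:8888",
    "example.com", "169.254.10.1", "1.1.1.1",
]

if __name__ == "__main__":
    targets, skipped = public_targets(SAMPLE)
    print("query:", targets)
    for text, reason in skipped:
        print(f"skip  {text!r}: {reason}")
```

Pass `targets` to the `query_ip` loop and keep `skipped` next to the results so every input row is accounted for.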

```
usage: know_your_ip [-h] [-f FILE] [-c CONFIG] [-o OUTPUT] [-n MAX_CONN]
                    [--from FROM_ROW] [--to TO] [-v] [--no-header]
                    [ip [ip ...]]

Know Your IP - Comprehensive IP Address Analysis

positional arguments:
  ip                    IP Address(es) to analyze

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  List of IP addresses file
  -c CONFIG, --config CONFIG
                        Configuration file (TOML format)
  -o OUTPUT, --output OUTPUT
                        Output CSV file name
  -n MAX_CONN, --max-conn MAX_CONN
                        Max concurrent connections
  --from FROM_ROW       From row number
  --to TO               To row number
  -v, --verbose         Verbose mode
  --no-header           Output without header
```

| Service | Free Tier | Paid Tier |
|---|---|---|
| VirusTotal | 500/day, 4/min | Higher limits |
| AbuseIPDB | 1,000/day | 10,000+/day |
| Censys | 250/month, 1 req/2.5s | Higher limits |
| GeoNames | 10,000/day, 1,000/hour | Commercial plans |
| Shodan | No free API | $69+/month |
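
With a free VirusTotal key, 4 requests per minute and 500 per day bound how fast a batch can run, so a large file processed over several concurrent connections needs pacing somewhere. This added example (not know_your_ip code; whether the tool paces requests itself is not stated on this page) is a sliding-window throttle that enforces all of a service's limits at once. `Throttle` and `simulated_wait` are hypothetical names, and the simulated clock lets it run instantly.

```python
import time
from collections import deque

# Free-tier limits from the table above, as (calls, window in seconds).
FREE_TIER = {
    "virustotal": [(4, 60), (500, 86400)],
    "abuseipdb": [(1000, 86400)],
    "geonames": [(1000, 3600), (10000, 86400)],
}

class Throttle:
    """Sliding-window limiter enforcing every (calls, seconds) pair at once."""

    def __init__(self, windows, clock=time.monotonic, sleep=time.sleep):
        self.windows = [(limit, period, deque()) for limit, period in windows]
        self.clock, self.sleep = clock, sleep

    def acquire(self):
        """Call before each lookup; blocks until it fits, returns seconds waited."""
        start = self.clock()
        while True:
            now, delay = self.clock(), 0.0
            for limit, period, stamps in self.windows:
                while stamps and now - stamps[0] >= period:
                    stamps.popleft()  # oldest call has left this window
                if len(stamps) >= limit:
                    delay = max(delay, stamps[0] + period - now)
            if delay <= 0:
                break
            self.sleep(delay)
        for _, _, stamps in self.windows:
            stamps.append(now)
        return now - start

def simulated_wait(n_calls, windows):
    """Seconds n_calls back-to-back lookups take under `windows` (simulated clock)."""
    t = 0.0
    def sleep(seconds):
        nonlocal t
        t += seconds
    throttle = Throttle(windows, clock=lambda: t, sleep=sleep)
    for _ in range(n_calls):
        throttle.acquire()
    return t

if __name__ == "__main__":
    for n in (4, 10, 501):
        print(n, "VirusTotal lookups:", simulated_wait(n, FREE_TIER["virustotal"]), "s")
```

In real use, build one `Throttle(FREE_TIER["virustotal"])` with the default clock and call `acquire()` immediately before each per-IP lookup; the 501st lookup shows the daily cap, not the per-minute one, deciding when a large file finishes.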
See the examples/ directory for:
- example.py - Basic usage examples
- example.ipynb - Jupyter notebook tutorial
- input.csv - Sample input file
- output.csv - Sample output
- Python 3.11+
- System `traceroute` command (Linux) or `tracert` (Windows)
- Raw socket access for ping (requires admin/root privileges)
- ✅ Linux
- ✅ macOS
- ✅ Windows
- ✅ Docker/containers
For comprehensive documentation, visit: https://themains.github.io/know-your-ip/
We welcome contributions! Please see our Contributing Guide and Code of Conduct.
Released under the MIT License.
Security Note: This tool is designed for legitimate security analysis, threat intelligence, and network diagnostics. Please use responsibly and in accordance with applicable laws and service terms of use.