Aggregation of lists of malicious IP addresses, to be blocked in the WAN > LAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables ...

🐧 SysWarden is an ultra-lightweight Host-based Security Orchestrator for Linux.

Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files.

Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.

A list of malicious IP addresses associated with botnets, cyberattacks, and the generation of artificial traffic on websites. Useful for network administrators and security companies to block threats and protect against DDoS attacks.

An automated mirror of malicious IP addresses from packetsdatabase.com, providing continuously updated blocklists and security feeds in multiple formats.

Criminal IP is a comprehensive OSINT-based Cyber Threat Intelligence (CTI) search engine that can be used as an automated Attack Surface Management solution.

Curated block list including IPs, FQDNs, Domains, JA3, etc. Tailored for utmost precision to minimize false positives in personal or non-commercial environments. Updated regularly. For assistance or to support our initiatives, please reach out or consider participating in our sponsorship program

HeimdallBlocklists is a project designed to merge and manage multiple community-maintained blocklists, making them easily usable across various firewall solutions.

Use the Prowl API to obtain IP Reputation, Techniques Tactics and Procedures, Indicators of Attacks and Indicators of Compromise related to a public IP.

Triage an IP using powershell

Self-hosted Geolocation and Malicious IP Detection API

IP blacklist aggregator

Automated IP blocklist aggregation with geolocation-based country filtering, Docker ready, and twice daily runs via GitHub Actions

SniffCat integration enabling automatic reporting of malicious activity detected by T-Pot honeypots by monitoring logs, analyzing attack attempts, and submitting reports automatically.

Takes a list of IP addresses stored in a file, looks them up using abuseipdb.com, and writes the output to a CSV file.

Offline-first, budget-aware log+CTI pipeline with optional LLM enrichment; grouping/sampling gates, strong CTI cache, reproducible reports, Streamlit UI.

🛡️ Comprehensive IP blacklist from trusted security sources - Updated regularly | Free to use Malware, Botnet, Spam & Attack Prevention for security, firewall, or research purposes.

My personal research on different attack vectors, including DDoS attack types, payloads and a honeypot sensor to detect malicious actors.

A Node.js script that automates the reporting of malicious IP addresses detected by Cloudflare WAF to SniffCatDB ☁️🕵️