A fast, colorful, and extensible IOC checker for hashes, IPs, domains, and URLs.
- VirusTotal: file reputation, detections, and code-signing info
- AbuseIPDB: IP abuse confidence, reports, last reported time
- IPQualityScore: IP/Domain/URL risk, VPN/Proxy/TOR flags, fraud score
- Interactive CLI with colorful banner (Rich)
- Auto-classify: hashes • IPs • domains • URLs
- VirusTotal (hash reputation & code-signing)
- AbuseIPDB (abuse score, last reported)
- IPQualityScore (risk + VPN/Proxy/TOR flags)
- CSV/JSON tables, simple on-disk caching
- Windows/macOS/Linux, no secrets committed (.env)
git clone https://github.com/<you>/IOC-Ranger
cd IOC-Ranger
python -m venv .venv && call .venv\Scripts\activate.bat
python -m pip install -r requirements.txt
copy .env.example .env & notepad .env :: fill keys
python -m ioc_ranger -t mixed -i inputs\iocs_mixed.txt -f tablegit clone https://github.com/<you>/IOC-Ranger
cd IOC-Ranger
python -m venv .venv && source .venv/bin/activate
python -m pip install -r requirements.txt
cp .env.example .env && $EDITOR .env
python -m ioc_ranger -t mixed -i inputs/iocs_mixed.txt -f tablepython -m ioc_ranger --help
# Common:
python -m ioc_ranger -t hashes -i inputs/hashes.txt -f table csv
python -m ioc_ranger -t mixed -i inputs/iocs_mixed.txt -o outputs/results -f table csv jsonVT_API_KEY=...
ABUSEIPDB_API_KEY=...
IPQS_API_KEY=...
CACHE_TTL=86400- Hashes file → show a real snippet of output table and a link to VT GUI from CSV.
- IPs file → highlight AbuseIPDB score + IPQS VPN/Proxy flags.
- Mixed file → show how types are auto-detected.
- Progress bar + ETA
- JSONL & Markdown/HTML report exports
- WHOIS + GeoIP enrichment
- Delta mode (compare runs)
- Windows EXE build (PyInstaller)
- GitHub Actions (lint/test/build)
- 📧 A.eskenazicohen@gmail.com
- 🐈⬛ GitHub