import requests
import json
# 微步API的URL和你的API密钥
API_URL = "https://api.threatbook.cn/v3/ip/query"
API_KEY = "***" # 替换为你的微步API密钥
def query_threatbook(ip):
"""查询微步API接口,判断IP是否为可疑"""
# 构造请求参数
params = {
"apikey": API_KEY,
"resource": ip, # 查询的目标IP
"lang": "zh", # 语言设置为中文
}
try:
# 发送GET请求
response = requests.get(API_URL, params=params)
response.raise_for_status() # 检查请求是否成功
result = response.json() # 解析返回的JSON数据
return result
except requests.exceptions.RequestException as e:
print(f"请求微步API失败: {e}")
return None
def summarize_result(result, ip):
"""根据API返回结果总结是否为可疑IP"""
if not result:
print("API返回结果为空,请检查API密钥和网络连接。")
return
# 检查API响应结构
if "data" not in result:
print("API响应中缺少 'data' 字段,请检查API接口或输入的IP地址。")
return
data = result["data"]
ip_info = data.get(ip, {})
# 提取威胁情报和标签信息
judgments = ip_info.get("judgments", []) # 威胁标签
intelligences = ip_info.get("intelligences", {}).get("threatbook_lab", []) # 情报信息
basic_info = ip_info.get("basic", {}) # 基础信息(如运营商、地理位置)
ports = ip_info.get("ports", []) # 开放端口信息
# 展示基础信息
print("\n🔍 IP 基础信息:")
if basic_info:
carrier = basic_info.get("carrier", "未知")
location = basic_info.get("location", {})
country = location.get("country", "未知")
province = location.get("province", "未知")
city = location.get("city", "未知")
print(f" - 运营商: {carrier}")
print(f" - 地理位置: {country} {province} {city}")
else:
print(" - 无基础信息")
# 展示威胁标签
print("\n⚠️ 威胁标签:")
if judgments:
for tag in judgments:
print(f" - {tag}")
else:
print(" - 无威胁标签")
# 展示详细情报信息
print("\n🔍 详细情报信息:")
if intelligences:
for intel in intelligences:
source = intel.get("source", "未知")
confidence = intel.get("confidence", "未知")
expired = "已过期" if intel.get("expired") else "未过期"
intel_types = ", ".join(intel.get("intel_types", []))
print(f" - 来源: {source}, 置信度: {confidence}, 状态: {expired}, 类型: {intel_types}")
else:
print(" - 无详细情报信息")
# 展示开放端口信息
print("\n🔍 开放端口信息:")
if ports:
for port_info in ports:
port = port_info.get("port", "未知")
module = port_info.get("module", "未知")
print(f" - 端口: {port}, 协议: {module}")
else:
print(" - 无开放端口信息")
# 安全性总结
print("\n✅ 安全性总结:")
if judgments:
print(f" - 该IP被标记为 **可疑**,威胁标签包括: {', '.join(judgments)}")
else:
print(f" - 该IP **未被标记为可疑**,暂未发现威胁标签。")
def main():
"""主函数,查询用户输入的IP是否为可疑"""
# 用户输入
ip = input("请输入要查询的IP地址: ").strip()
# 查询微步API
result = query_threatbook(ip)
# 总结并展示结果
if result:
summarize_result(result, ip)
else:
print("查询失败,请检查API密钥和网络连接。")
if __name__ == "__main__":
main()
通过微步API接口对单个IP进行查询效果,其实还可以弄成批量的。我发现反复查询同一个IP,查一次算一次,所以得注意,批量我也测试了,好用,就是费钱。
