Skip to content

Bustmalone/ip-allow-list-manager

Repository files navigation

Automated IP Allow List Manager

A Python-based network security automation tool that monitors and manages IP allow lists. Scans for unauthorized IP addresses, validates against threat intelligence feeds, and automatically removes malicious entities. Includes logging and alerting for security team notifications.

Features

  • Automated IP Scanning - Scan IP allow lists for unauthorized entries
  • Threat Feed Integration - Check IPs against threat intelligence databases
  • Real-time Monitoring - Monitor IP lists continuously
  • Automated Remediation - Remove malicious IPs automatically
  • Logging & Alerting - Comprehensive logging and email alerts

Requirements

  • Python 3.8+
  • Administrative privileges (for network operations)

Installation

pip install -r requirements.txt

Configuration

Create a config.json file:

{
  "allow_list_file": "ip_allow_list.txt",
  "threat_feeds": [
    "https://rules.emergingthreats.net/blockrules/compromised-ips.txt"
  ],
  "log_file": "ip_manager.log",
  "alert_email": "security@example.com",
  "scan_interval": 3600,
  "auto_remediate": false
}

Usage

Scan IP allow list

python ip_manager.py --scan

Monitor continuously

python ip_manager.py --monitor

Remove specific IP

python ip_manager.py --remove 192.168.1.100

Validate IP against threat feeds

python ip_manager.py --check 192.168.1.100

Example Output

[*] Scanning IP allow list...
[*] Found 150 IPs in allow list
[*] Checking against threat feeds...
[!] Found malicious IP: 192.168.1.100
[!] Found malicious IP: 10.0.0.50
[+] Scan complete: 2 malicious IPs found
[+] Logged to ip_manager.log

Project Structure

ip-allow-list-manager/
├── ip_manager.py          # Main management script
├── threat_feed.py         # Threat intelligence integration
├── ip_scanner.py          # IP scanning utilities
├── logger.py              # Logging functionality
├── config.json            # Configuration file
├── requirements.txt       # Python dependencies
├── README.md             # This file
└── ip_allow_list.txt     # Sample allow list

Security Notice

⚠️ Use responsibly. Always test in a development environment first. Automated remediation can disrupt network access.

License

MIT License

Author

John Bustamante - Cybersecurity Professional

About

Automated IP allow list manager with threat feed validation, real-time monitoring, and alert notifications

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages