A Python-based network security automation tool that monitors and manages IP allow lists. Scans for unauthorized IP addresses, validates against threat intelligence feeds, and automatically removes malicious entities. Includes logging and alerting for security team notifications.
- Automated IP Scanning - Scan IP allow lists for unauthorized entries
- Threat Feed Integration - Check IPs against threat intelligence databases
- Real-time Monitoring - Monitor IP lists continuously
- Automated Remediation - Remove malicious IPs automatically
- Logging & Alerting - Comprehensive logging and email alerts
- Python 3.8+
- Administrative privileges (for network operations)
pip install -r requirements.txtCreate a config.json file:
{
"allow_list_file": "ip_allow_list.txt",
"threat_feeds": [
"https://rules.emergingthreats.net/blockrules/compromised-ips.txt"
],
"log_file": "ip_manager.log",
"alert_email": "security@example.com",
"scan_interval": 3600,
"auto_remediate": false
}python ip_manager.py --scanpython ip_manager.py --monitorpython ip_manager.py --remove 192.168.1.100python ip_manager.py --check 192.168.1.100[*] Scanning IP allow list...
[*] Found 150 IPs in allow list
[*] Checking against threat feeds...
[!] Found malicious IP: 192.168.1.100
[!] Found malicious IP: 10.0.0.50
[+] Scan complete: 2 malicious IPs found
[+] Logged to ip_manager.log
ip-allow-list-manager/
├── ip_manager.py # Main management script
├── threat_feed.py # Threat intelligence integration
├── ip_scanner.py # IP scanning utilities
├── logger.py # Logging functionality
├── config.json # Configuration file
├── requirements.txt # Python dependencies
├── README.md # This file
└── ip_allow_list.txt # Sample allow list
MIT License
John Bustamante - Cybersecurity Professional