nrich: A Tool for Fast IP enrichment
You have a long list of IPs and you quickly want to get a basic idea of what they're running in order to:
- Make sure they're not exposing any unexpected services
- Filter out VPN IPs from a list of IOCs
- Prioritize IPs that have possible vulnerabilities
Introducing nrich, a command-line tool to quickly analyze all IPs in a file and see which ones have open ports/vulnerabilities:
https://gitlab.com/shodan-public/nrich
It's difficult to capture with Asciinema just how fast it is but here's a short demonstration:
nrich currently supports 3 output formats:
- shell (default): a user-friendly view of the information.
- json: creates a single JSON object containing all the information. Useful if you want to store the results in a separate file that can then be loaded by other tools.
- ndjson: newline-delimited JSON prints a single JSON object for every line. Use this if you want to pipe the results to another tool such as jq.
Behind the scenes, nrich takes advantage of Shodan's new InternetDB API to efficiently look up IPs without requiring an API key. Release builds are available for Windows, macOS and Linux.
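As an added example (not code from the original post or from the nrich project), here is a Python triage pass over ndjson output that covers the three use cases listed at the top. It assumes each record carries the InternetDB fields ip, ports, tags and vulns, and that VPN endpoints are tagged "vpn"; the sample records, IPs and CVE ids are constructed placeholders.

```python
import json

# Constructed sample of nrich ndjson output (documentation-range IPs and
# placeholder CVE ids). Field names are assumed to match InternetDB responses.
SAMPLE_NDJSON = """\
{"ip": "192.0.2.10", "ports": [22, 443], "tags": [], "vulns": []}
{"ip": "192.0.2.20", "ports": [443, 1194], "tags": ["vpn"], "vulns": []}
{"ip": "192.0.2.30", "ports": [80, 3389], "tags": [], "vulns": ["CVE-0000-0001", "CVE-0000-0002"]}
not-json garbage line
"""

EXPECTED_PORTS = {22, 80, 443}  # assumption: the services you intend to expose


def parse_ndjson(text):
    """Yield one dict per valid line; skip blank or malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or interleaved output
        if isinstance(record, dict) and "ip" in record:
            yield record


def triage(text, expected_ports=EXPECTED_PORTS):
    """Return (vpn_ips, unexpected_ports_by_ip, ips_ranked_by_vuln_count)."""
    vpn_ips, unexpected, with_vulns = [], {}, []
    for rec in parse_ndjson(text):
        ip = rec["ip"]
        if "vpn" in rec.get("tags", []):
            vpn_ips.append(ip)  # candidates to drop from an IOC list
        extra = sorted(set(rec.get("ports", [])) - expected_ports)
        if extra:
            unexpected[ip] = extra  # services you did not expect to expose
        if rec.get("vulns"):
            with_vulns.append((ip, len(rec["vulns"])))
    # Hosts with the most reported vulnerabilities come first.
    prioritized = sorted(with_vulns, key=lambda item: -item[1])
    return vpn_ips, unexpected, prioritized


if __name__ == "__main__":
    print(triage(SAMPLE_NDJSON))
```

To run it on real results, replace SAMPLE_NDJSON with the text nrich wrote in ndjson format.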