Developer Builds CLI Tool to Triage Suspicious IPs and Domains in One Command
A developer has released an open-source command-line tool called 'indict' that automates the first-pass triage of security indicators such as IP addresses and domains. The tool queries multiple intelligence sources simultaneously, including DNS, RIPEstat, certificate transparency logs, and free threat blocklists, with optional integration for VirusTotal and AbuseIPDB. Even without API keys, it can reach a 'suspicious' verdict by cross-referencing free sources, as demonstrated with a known Tor exit node that was flagged immediately. When API keys are added, the same indicator escalated to 'malicious' after AbuseIPDB reported 100/100 abuse confidence and 15 out of 91 VirusTotal engines flagged it. The tool is designed to avoid false confidence, returning 'unknown' rather than 'clean' when evidence is insufficient.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in