Following on from by previous post about gathering IPv4 threat intelligence automatically with Python scripts I thought I would follow it up with a PowerShell script I wrote that does something similar.
This script will work on Windows without the need for any extra installs, so it is perfect for users that only have access to Windows in the workplace.
It is often the case that security analysts and sys-admins need to grab bulk lists of IPv4 addresses from a data source, this data source can be logs, websites and intelligence feeds. Data sources such as these can contain lots of redundant data, such as domain names, time stamps etc. etc. In general removing this data can be done simply with a script and this is exactly what that script does.
I have seen a few scripts kicking about that do something similar to this, but they generally contain way more lines of code than is needed (although this does have some ASCII art of cats and dogs that really doesn’t need to be there) as well as requiring some kind of user input. This script is very tight with the code and the only user input required is dragging the input file over to the scripts directory.
This script allows you to take the data source in the form of a file and automatically convert it to a .csv of IPv4 addresses, fully de-deduped and with all redundant removed, ready to be used for whatever purpose you have in mind for it.
The Script is quite raw at the moment, so you will need to make a couple of edits to tailor it to your environment. See below for the bits that you may wish to edit:
- Put the script in you documents folder as such
- The file you want to run the script on will need to be dumped in the same folder
ipv4_*wildcard is used to detect the input file
- Follow this guide if you want to run the PowerShell script with a simple double click of a batch script
I have a script very similar to this that does the same thing, but grabs the input data from the web (similar to the python scripts, but in PowerShell), I will post this in the next few days.