ThreatParser

ThreatParser is a command line tool for downloading and consolidating open source blacklists. The goal of ThreatParser is to create a simple utility capable of integrating multiple lists into a single point for consumption. Additionally, there is a GeoIP component for locating the country where blacklisted IP addresses reside.

DOWNLOAD
The ThreatParser tarball can be downloaded here.

INSTALL
ThreatParser is meant to run with minimal installation and dependencies. There are multiple
options for installing the dependencies: a Gemfile that can be run with bundle, and a
Rakefile that cheats (uses system calls) at installing the dependencies.

At a minimum, ThreatParser needs Ruby installed on the system, as it is written in
Ruby. RubyGems is also necessary for the program dependencies.

DATABASE
ThreatParser can dump information to a MySQL database. In order to do so, one should set up
a database with a table containing the following columns:
ipAddress char(15)
source char(75)
origin char(100)
info char(150)
domain varchar(500)
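
The column widths above limit what a consolidated record can hold; char(15), for instance, fits a dotted IPv4 address but not an IPv6 one. The following Ruby code is an added example, not ThreatParser's own code: it merges two constructed feeds into one row per IP address shaped like the columns above. The feed names, feed formats, and the parse_line and consolidate helpers are assumptions made for illustration.

```ruby
require 'ipaddr'

# Column widths from the DATABASE section above.
WIDTHS = { ipAddress: 15, source: 75, origin: 100, info: 150, domain: 500 }.freeze

# Constructed sample feeds (documentation address ranges, hypothetical feed names).
FEEDS = {
  'example-ip-list' => <<~LIST,
    # comment line
    192.0.2.10
    198.51.100.7   # scanner
    192.0.2.10
    2001:db8::1
    not-an-ip
  LIST
  'example-domain-list' => <<~LIST
    203.0.113.5,bad.example.test,phishing
    192.0.2.10,evil.example.test,malware
  LIST
}.freeze

# Turn one feed line into a row hash, or nil if it cannot be stored as-is.
def parse_line(line, source)
  body, comment = line.split('#', 2).map(&:strip)
  return nil if body.nil? || body.empty?
  ip, domain, info = body.split(',').map(&:strip)
  addr = IPAddr.new(ip) rescue nil
  return nil unless addr&.ipv4? # char(15) cannot hold an IPv6 address
  row = { ipAddress: addr.to_s, source: source, origin: '', # origin not looked up here
          info: (info || comment).to_s, domain: domain.to_s }
  row.each { |col, val| return nil if val.length > WIDTHS[col] } # reject, never truncate
  row
end

# Merge all feeds into one row per IP address, remembering every source.
def consolidate(feeds)
  merged = {}
  feeds.each do |source, text|
    text.each_line do |line|
      row = parse_line(line, source) or next
      seen = merged[row[:ipAddress]] ||= row
      next if seen.equal?(row)
      names = (seen[:source].split(',') | [source]).join(',')
      seen[:source] = names if names.length <= WIDTHS[:source]
      %i[domain info].each { |c| seen[c] = row[c] if seen[c].empty? }
    end
  end
  merged.values
end
```

Rows that fail validation or exceed a column width are dropped rather than truncated, so a malformed feed entry cannot end up stored as a different address or domain.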

WEB SITE
Visit the ThreatParser web site for the latest news and downloads:

http://www.secanalysis.com/threatparser

EXAMPLE USAGE
#ruby threatparser -v -D -p -f --yaml
#ruby threatparser -p
#ruby threatparser -f

NOTICE
ThreatParser contains pieces of source code that are Copyright (c) 2013, but in general it is released under the GPL.