A comprehensive network utility for gathering intelligence about IP addresses, MAC addresses, and domains. Designed for security monitoring, incident response, and threat assessment.
If unauthorized users can access protected routes: Fix authentication and authorization first. This tool helps you understand and monitor threats—it does not replace proper access controls.
| Module | Description |
|---|---|
| IP Intelligence | Geolocation, ASN, ISP, RDAP/WHOIS, reverse DNS, port scan with banner grabbing, SSL cert |
| Custom Features | IP block/subnet analysis, Certificate Transparency (crt.sh), Organization/registrant from reverse DNS→WHOIS |
| Threat Feeds | AbuseIPDB, GreyNoise, VirusTotal, Shodan (with API keys) |
| MAC Lookup | Vendor identification from OUI |
| Domain Analysis | DNS (A, AAAA, MX, NS, TXT), WHOIS, SSL certificate |
| Web UI | Professional dashboard with OpenStreetMap, IP/MAC/domain lookups |
# One-time setup
python -m venv .venv
.venv/bin/pip install -e .
# CLI
.venv/bin/netutils lookup 72.153.231.53
.venv/bin/netutils mac 00:1A:2B:3C:4D:5E
.venv/bin/netutils domain example.com
# Web UI
.venv/bin/netutils serve
# Then open http://localhost:8085Create .env in project root:
ABUSEIPDB_API_KEY= # Threat intel (free: 1000/day)
IPINFO_TOKEN= # Enhanced geolocation
GREYNOISE_API_KEY= # Threat classification
VIRUSTOTAL_API_KEY= # Malware scan (4 req/min free)
SHODAN_API_KEY= # Port/service intel (paid)from netutils import NetUtils
nu = NetUtils()
report = nu.lookup_ip("72.153.231.53")
print(report.threat_score)
print(report.geolocation.country)
print(report.port_scan.open_ports) # If full=True- Use only for authorized security monitoring of your own systems
- IP addresses identify networks/ranges, not individuals
- Comply with GDPR, CCPA, and local privacy laws when collecting visitor data