-
Objective: Proxy & VPN Detector - detect whether an IP is behind VPN/Proxy
-
Dependencies
-
Framework used is Python Flask.
-
Setting up Flask - make sure you are in your home directory
- sudo apt install python3-venv
- mkdir my_flask_app
- cd my_flask_app
- python3 -m venv sih
- source sih/bin/activate (run this from the directory that contains sih, i.e. my_flask_app, to activate the sih virtual environment)
- pip install Flask (inside the activated sih environment, pip and pip3 both refer to the venv's own interpreter)
- python -m flask --version
-
Installing the necessary modules/tools/libraries (the apt packages are installed system-wide; the pip packages go into the activated sih virtual environment)
- sudo apt-get install -y net-tools
- sudo apt-get install -y nmap
- sudo apt install -y gcc libpcre3-dev zlib1g-dev libluajit-5.1-dev libpcap-dev openssl libssl-dev libnghttp2-dev libdumbnet-dev bison flex libdnet autoconf libtool
- sudo apt-get install -y wkhtmltopdf (the renderer pdfkit calls to produce the PDF reports)
- pip install setuptools
- pip install python3-nmap
- pip install shodan
- pip install ipwhois
- pip install wheel
- pip install json2html
- pip install flask-googlemaps
- pip install pdfkit
- pip install zipfile36
- pip install numpy
-
Usage
- With the sih virtual environment activated, run the following command in the project folder (my_flask_app, the directory that contains sih): $ python app.py
- Enter an IP address in the textbox and click 'Submit' to see the results.
-
College - Indian Institute of Technology Tirupati
-
Tasks completed
- The tool returns the details of an IP address in about 3 seconds
- Integrated with 4 APIs (shodan, IP2proxy, IPquality, vpnapi)
- Real-time analysis of the submitted IP address
- Honeypot for detecting real-time attacks from VPN/Proxy-enabled users
- Detailed reports generated in text, HTML and PDF formats for further analysis by experts
- Plots the geographic origin of the IP address on Google Maps
- Maintains a history of recently scanned IP addresses
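The two things a reviewer would want to see behind the items above are how the submitted IP is validated before it reaches nmap or any API client, and how the four provider lookups are run in parallel under one deadline so that a single slow API cannot push the 3-second target. The block below is an added example, not the project's app.py: the provider field names (proxy/vpn/tor for IPQualityScore, security.vpn for vpnapi, isProxy for IP2Proxy) are assumptions, the responses are constructed stand-ins so it runs offline, and Shodan is left out of the stub set.

```python
"""Added example (not the project's code): input validation plus a deadline-bounded
fan-out to several proxy/VPN providers, combined into one verdict. Provider field
names are assumptions; responses are constructed so the module runs offline."""
import ipaddress
import time
from concurrent.futures import ThreadPoolExecutor, wait
from typing import Callable, Dict, Optional

PER_SCAN_DEADLINE = 3.0  # seconds: one deadline for all providers, matching the 3 s target


def validate_target(text: str) -> str:
    """Accept only a syntactically valid, globally routable IP.

    ipaddress.ip_address() raises ValueError for hostnames, CIDR ranges and shell
    metacharacters, so the raw textbox value never becomes an nmap argument.
    Private, loopback, link-local and reserved ranges are refused too: they cannot
    sit behind a public VPN/proxy and would only burn API quota.
    """
    ip = ipaddress.ip_address(text.strip())
    if not ip.is_global:
        raise ValueError(f"{ip} is not a public address")
    return str(ip)


def normalize(provider: str, raw: dict) -> Optional[bool]:
    """Map each provider's own schema onto one boolean (None = no opinion).
    Field names are assumed for this example, not taken from the project."""
    if provider == "ipqualityscore":
        return bool(raw.get("proxy") or raw.get("vpn") or raw.get("tor"))
    if provider == "vpnapi":
        sec = raw.get("security", {})
        return bool(sec.get("vpn") or sec.get("proxy") or sec.get("tor") or sec.get("relay"))
    if provider == "ip2proxy":
        return raw.get("isProxy") == "YES"
    return None


def assess(ip_text: str, fetchers: Dict[str, Callable[[str], dict]],
           deadline: float = PER_SCAN_DEADLINE) -> dict:
    """Query every provider in parallel, stop waiting at the deadline, combine.
    A hung or failing provider lands in 'errors' instead of failing the scan;
    the verdict is built only from providers that actually answered."""
    ip = validate_target(ip_text)
    pool = ThreadPoolExecutor(max_workers=max(1, len(fetchers)))
    futures = {name: pool.submit(fn, ip) for name, fn in fetchers.items()}
    wait(futures.values(), timeout=deadline)
    pool.shutdown(wait=False)  # never block the request on a provider still hanging

    votes: Dict[str, Optional[bool]] = {}
    errors: Dict[str, str] = {}
    for name, fut in futures.items():
        if not fut.done():
            errors[name] = "timeout"
        elif fut.exception() is not None:
            errors[name] = f"{type(fut.exception()).__name__}: {fut.exception()}"
        else:
            votes[name] = normalize(name, fut.result())

    answered = [v for v in votes.values() if v is not None]
    flagged = sorted(n for n, v in votes.items() if v)
    return {
        "ip": ip,
        "flagged_by": flagged,
        "errors": errors,
        "confidence": len(flagged) / len(answered) if answered else 0.0,
        "verdict": "proxy/vpn" if flagged else ("clean" if answered else "unknown"),
    }


# Constructed sample responses standing in for the live APIs (offline example).
SAMPLE_RESPONSES = {
    "ipqualityscore": {"proxy": True, "vpn": True, "tor": False, "fraud_score": 85},
    "vpnapi": {"security": {"vpn": True, "proxy": False, "tor": False, "relay": False}},
    "ip2proxy": {"isProxy": "NO", "proxyType": "-"},
}


def fake_fetchers(responses: Dict[str, dict], slow: Optional[str] = None,
                  delay: float = 1.0) -> Dict[str, Callable[[str], dict]]:
    """Stand-in fetchers returning canned responses; `slow` simulates a hung API."""
    def make(name: str) -> Callable[[str], dict]:
        def fetch(_ip: str) -> dict:
            if name == slow:
                time.sleep(delay)
            return responses[name]
        return fetch
    return {name: make(name) for name in responses}


def demo() -> dict:
    """One scan where ip2proxy hangs past a short deadline and the other two answer."""
    return assess("8.8.8.8", fake_fetchers(SAMPLE_RESPONSES, slow="ip2proxy"), deadline=0.2)


if __name__ == "__main__":
    print(demo())
```

In the Flask view, call validate_target on the form value first and turn its ValueError into a 400 before any lookup or nmap call is made; the real fetchers would wrap the shodan, IP2proxy, IPquality and vpnapi clients with the same signature as the stubs, and the 'errors' map is worth writing into the text/HTML/PDF report so an analyst can tell "clean" from "nobody answered".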
-
Future Improvements
- Machine learning could be used to estimate the probability that an IP is being used as a proxy/VPN.
- SIEM tools could supply log data on different attacks in real time.
- Collaborating with governments and ISPs would give more data on attacks and their source IP addresses, which would improve our database.
- Data from SIEM tools and other sources (APIs, ISPs and governments) could be plotted as a threat map, a useful visualization for a security operations centre such as BPRD.