Skip to content
View ipanalytics's full-sized avatar

Block or report ipanalytics

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
ipanalytics/README.md

IP Analytics

IP Analytics banner

IP intelligence, ASN analytics, GeoIP/MMDB engineering, routing security, and infrastructure research

Open datasets, static dashboards, MMDB tooling, enrichment pipelines, routing analytics, and operational network intelligence workflows.

Repositories VPN Infrastructure Intelligence Lab GeoForge ASN Signal Graph

Focus Areas

  • IP and ASN enrichment with provenance and confidence scoring
  • VPN, proxy, Tor, crawler, cloud, CDN, and hosting infrastructure analysis
  • BGP, RPKI, ROA, and routing-security visibility
  • GeoIP/MMDB compilation, validation, diffing, and operational tooling
  • Geofeed discovery and routing-aware geolocation enrichment
  • Static dashboards, APIs, and GitHub-native publishing workflows
  • Operational datasets for SIEM, fraud detection, OSINT, and security analytics

Infrastructure Ecosystem

Infrastructure Intelligence

Project Description
IP-Knowledge-Layer Open enrichment layer for CIDR, ASN, cloud, CDN, crawler, Tor, and VPN-adjacent network context with provenance and confidence.
ASN-Signal-Graph ASN-level infrastructure signal aggregation for VPN overlap, Tor visibility, public-feed exposure, and defensive analytics.
blackroute Local-first reputation pipeline for hostile infrastructure, abuse feeds, anonymizers, scanners, and attack telemetry.
ASN-VPN-Network-Intelligence Lightweight VPN infrastructure overlap and ASN/provider enrichment datasets.

VPN Infrastructure Research

Project Description
VPN-Infrastructure-Intelligence-Lab Aggregate VPN infrastructure intelligence dashboard for provider, ASN, country, and hosting dependency analysis.
vpn-provider-overlap-intelligence Shared infrastructure and provider overlap analysis across ASNs, prefixes, and hosting networks.

Routing and Internet Measurements

Project Description
RouteSentinel Daily route-security snapshot analyzer for BGP RIB dumps and RPKI VRP datasets.
GeoFeed-Harvester RFC 8805 geofeed discovery, validation, provenance tracking, and BGP visibility analysis from public RIR data.

Dashboards and Visibility

Project Description
CrawlerScope Interactive crawler IP intelligence dashboard for AI crawlers, search bots, scanners, and monitoring probes.
Tor-Radar Browser-only Tor relay intelligence dashboard with compact historical snapshots and relay metadata.

GeoIP and MMDB Tooling

Project Description
GeoForge Consensus-based GeoIP compiler combining GeoLite2, DB-IP, IP2Location, geofeeds, RIR, and WHOIS signals.
MMDBForge Toolkit for inspecting, validating, diffing, and analyzing MaxMind DB and custom MMDB datasets.
MMDB-WatchTower Production-safe MMDB updater with validation, rollback, atomic swaps, smoke tests, and Prometheus metrics.

Privacy and Security Tooling

Project Description
PrefixCloak Prefix-preserving IPv4/IPv6 sanitizer for logs, SIEM exports, telemetry, and subnet-safe anonymization workflows.

Infrastructure Model

IP ranges
  -> CIDR normalization
  -> ASN attribution
  -> BGP and RPKI validation
  -> geofeed discovery
  -> hosting and cloud classification
  -> VPN / proxy / Tor / crawler signals
  -> GeoIP and MMDB enrichment
  -> reputation and abuse context
  -> dashboards, CSV exports, static APIs, and lookup databases

Stack

Stack

Formats

CSV JSON JSONL Parquet MMDB CIDR

Network Metadata

ASN BGP RPKI ROA RIR WHOIS GeoIP GeoFeed

Infrastructure Signals

VPN Proxy Tor Crawler Cloud CDN Hosting Scanner Reputation

Current Work

  • Expanding ASN-level infrastructure signal aggregation
  • Building routing-security visibility around BGP and RPKI validation
  • Developing geofeed discovery and provenance pipelines
  • Improving VPN overlap analysis without publishing raw endpoint inventories
  • Building local-first GeoIP, MMDB, and reputation tooling
  • Publishing compact operational datasets for SIEM and analytics workflows

Design Principles

Principle Description
Reproducibility Deterministic dataset generation with auditable inputs
Source Transparency Preserve provenance and confidence metadata
Operational Utility Lightweight exports for pipelines and local lookups
Static Deployment Prefer GitHub-native dashboards and APIs
Defensive Focus Infrastructure intelligence for analytical workflows

Collaboration

Open to collaboration around:

  • IP intelligence datasets
  • ASN and routing analytics
  • VPN and Tor infrastructure research
  • crawler and AI fetcher visibility
  • GeoIP/MMDB quality engineering
  • RPKI and BGP measurements
  • fraud detection and SIEM enrichment

Pinned Loading

  1. CrawlerScope CrawlerScope Public

    Interactive crawler IP intelligence dashboard for search, AI, and user-triggered fetchers.

    Python 1

  2. IP-Knowledge-Layer IP-Knowledge-Layer Public

    Open IP enrichment knowledge layer: CIDR, ASN, cloud, CDN, crawler, Tor, and VPN-adjacent network context with source provenance and confidence.

    Python 1

  3. MMDB-WatchTower MMDB-WatchTower Public

    Production-safe updater for MaxMind DB files with verification, smoke tests, atomic swaps, rollback, and Prometheus metrics.

    Go 1

  4. MMDBForge MMDBForge Public

    MMDB Forge is a developer toolkit for inspecting, validating, diffing, and explaining custom MaxMind DB files.

    Go 1

  5. GeoForge GeoForge Public

    GeoForge compiles a local IPv4 GeoIP database from multiple free or low-cost data sources. The builder uses DB-IP Lite as the prefix seed, merges location candidates from MaxMind GeoLite2, IP2Locat…

    Go 1

  6. blackroute blackroute Public

    Security intelligence pipeline for aggregating hostile IP infrastructure, abuse feeds, anonymizers, and attack telemetry into runtime lookup databases.

    Go 1