Information Gathering

ipChecker – Check If A IP Is From Tor Or Is A Malicious Proxy

Tool to check if a given IP is a node tor or an open proxy.

Sometimes all your throttles are not enough to stop brute force attacks or any kind of massive attacks, so it can help you to drop, some attackers who use tor or open proxies.

How it works
The ipChecker has some plugins which scrap proxies ips from public sites, all this ip’s are stored in a database where you can make consults using the provided API.
Basically, when you run the command make run it will start docker swarm create one service for the API wich can be escaleted and starts with 4 containers, another service for the updater which is the script responsible to run all the plugins that grab all the proxies and tor nodes,this service starts with only one container, and at last one container for the mongodb where all data are stored.
The containers communicate through a docker network called ipchecker-network, and only the port 8080 is exposed where you consume the API.
To avoid a lot of false positive, the api only returns ip’s from the curent day, because almost proxies servers and tor nodes, are dinamic ip’s.

Here is the list of working plugins on ipChecker



git clone
cd ipchecker/

Option to execute the service:

make buldBuild all images
make runBuild and run all images
make stopStop all services
make wipeStop all services and wipe all images and mongodb data

If you don’t have docker, you’ll need to install it. (Docker Install)

Basic Usage
Here is the basic usage of the API, for see all the endpoints and access the / endpoint.

/GETDocument of all endpoints
/statisticsGETInformations about blocked requests, allowed requests, and number of all proxies on database(per day)
/ips?ip= for a single IP on database
/allGETreturn all ips on database


About the author


Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: