Tornados

Tornados is a library and CLI tool that automates downloading the list of Tor exit nodes and enriches it with GeoIP information. For the Tor exit node list, this source is used. For enrichment, GeoLite2 Free Geolocation Data is used.

CLI tool

When tornados is used as a CLI tool, it downloads the IP addresses into memory, then downloads the IP geolocation database and saves it as GeoLite2-Country.mmdb in the current directory.

Finally, it creates the CSV file tor_exit_nodes_list.csv in the current directory, where the first column is a Tor exit node IP address, the second column is a country ISO code (RU, for example), and the third column is the country name string.

To install

gem install tornados

To use (-k is a MaxMind secret key):

tornados -k key

or (with the MaxMind key as an environment variable; the -i option defines which country's nodes to include in the result):

GEO_API_DATABASE_LICENSE_KEY=key tornados -i RU

After this, tor_exit_nodes_list.csv will be created in the current directory.

You can use this file in a SIEM, for example, to detect malicious network traffic.

To display help info:

tornados -h
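
One way to consume tor_exit_nodes_list.csv for detection, as an added example that is not part of the tornados gem: it loads the three-column CSV described above and flags log lines whose client address is a listed exit node. The sample CSV rows, the log lines and their layout (client address as first field), and the helper names normalize_ip, load_exit_nodes and tor_hits are assumptions constructed for illustration.

```ruby
require "csv"
require "ipaddr"

# Constructed sample of tor_exit_nodes_list.csv: ip, ISO code, country name.
# The addresses are documentation ranges, not real exit nodes.
SAMPLE_CSV = <<~CSV
  192.0.2.10,RU,Russia
  198.51.100.7,DE,Germany
  203.0.113.99,KR,"Korea, Republic of"
CSV

# Constructed access-log lines; the client address is assumed to be the first field.
SAMPLE_LOG = <<~LOG
  192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /login HTTP/1.1" 401 512
  192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 1024
  203.0.113.99 - - [01/Jan/2024:10:00:02 +0000] "GET /admin HTTP/1.1" 403 128
  not-an-ip - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 400 0
LOG

# Normalise an address so textual variants compare equal; nil if it is not an IP.
def normalize_ip(text)
  IPAddr.new(text.to_s.strip).to_s
rescue IPAddr::Error
  nil
end

# Build { ip => [iso_code, country_name] }, skipping header or malformed rows.
def load_exit_nodes(csv_text)
  CSV.parse(csv_text).each_with_object({}) do |row, nodes|
    ip = normalize_ip(row[0])
    nodes[ip] = [row[1], row[2]] if ip
  end
end

# Return one hash per log line whose client address is a listed exit node.
def tor_hits(log_text, nodes)
  log_text.each_line.filter_map do |line|
    ip = normalize_ip(line.split(" ", 2).first)
    next unless ip && nodes.key?(ip)
    iso, country = nodes[ip]
    { ip: ip, iso: iso, country: country, line: line.chomp }
  end
end

if $PROGRAM_NAME == __FILE__
  tor_hits(SAMPLE_LOG, load_exit_nodes(SAMPLE_CSV)).each do |hit|
    puts "Tor exit node #{hit[:ip]} (#{hit[:iso]}): #{hit[:line]}"
  end
end
```

To run it against real output, pass File.read("tor_exit_nodes_list.csv") to load_exit_nodes and adapt the field extraction in tor_hits to your log format.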

Library

To use tornados in your Ruby application, add to your Gemfile:

gem "tornados"

and in your code:

require "tornados"

Now you can use the tornados services (see below).

Tornados::NodesFetcher

Tornados::NodesFetcher.call

returns an array of arrays in the following format: [[ip address 1], [ip address 2] ... [ip address N]]

Tornados::MaxDbFetcher

Tornados::MaxDbFetcher.call(key)

downloads the MaxMind database file to disk and returns the path to it

Tornados::GeoEnrich

Tornados::GeoEnrich.call(tor_exit_nodes, geobase_file_path)

adds two columns with GeoIP info to the IP array: [[ip address 1, ISO code, country name], ...]

Tornados::CsvFormater

Tornados::CsvFormater.call(enriched_tor_exit_nodes)

creates a CSV string from the IP list array

Tornados::FileWriter

Tornados::FileWriter.call(csv_enriched_tor_exit_nodes, result_file)

writes the CSV file to disk

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/tornado.

License

The gem is available as open source under the terms of the MIT License.