update visualizations

Author: superstes

visualization/README.md

@@ -19,7 +19,7 @@ Usage:
   * Generate the JSON file
 
       ```bash
-      python3 world_map.py -c ~/Downloads/country_asn.mmdb -4 ~/Downloads/risk_ip4_med.json -6 ~/Downloads/risk_ip6_med.json
+      python3 world_map.py -c ~/Downloads/ipinfo_lite.mmdb -4 ~/Downloads/risk_ip4_med.json -6 ~/Downloads/risk_ip6_med.json
       ```
 
 2. For testing - run the minimal python3 webserver to enable JS to access the JSON file:
@@ -69,7 +69,7 @@ Usage:
   * Generate the JSON file
 
       ```bash
-      python3 net_tree.py -a ~/Downloads/country_asn.mmdb -n ~/Downloads/risk_net4_med.json
+      python3 net_tree.py -a ~/Downloads/ipinfo_lite.mmdb -n ~/Downloads/risk_net4_med.json
       ```
 
 2. For testing - run the minimal python3 webserver to enable JS to access the JSON file:

visualization/asn_chart.html

@@ -10,6 +10,9 @@
             .bubble {
                 overflow: hidden;
             }
+            .bubble:hover {
+                cursor: pointer;
+            }
 
             .bubble-asn {
                 font-weight: bold;
@@ -69,6 +72,11 @@
                 "#E37F6F", "#C5824E", "#FDCA29", "#D99620", "#E7C014", "#F9C630", "#F6BC55", "#B9AB58", "#DB8E94",
                 "#D27E7E",
             ];
+            const URL_KEY_MAP = {
+                'oxl_geoip': 'OXL GeoIP',
+                'ipinfo': 'IPInfo',
+                'shodan': 'Shodan',
+            };
 
             function numberWithDot(x) {
                 return x.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ".");
@@ -88,23 +96,17 @@
                 }
                 infoContainer.innerHTML += `<b>IPv4 Addresses</b>: ${numberWithDot(infos.info.ipv4)}<br>`;
                 infoContainer.innerHTML += `<b>IPv6 Addresses</b>: ${numberWithDot(infos.info.ipv6)}<br>`;
-                let kinds = [];
-                for (let [k, v] of Object.entries(infos.kind)) {
-                    if (v === true) {
-                        kinds.push(k);
-                    }
-                }
-                if (kinds.length > 0) {
-                    infoContainer.innerHTML += `<b>Kind</b>: ${kinds.join(', ')}<br>`;
+                if (infos.kind.length > 0) {
+                    infoContainer.innerHTML += `<b>Kind</b>: ${infos.kind.join(', ')}<br>`;
                 }
-                let urls = [`<a href="https://risk.oxl.app/api/asn/${infos.asn}">oxl_riskdb</a>`];
+                let urls = [`<a href="https://risk.oxl.app/api/asn/${infos.asn}">OXL RiskDB</a>`];
                 for (let [k, v] of Object.entries(infos.info.url)) {
-                    urls.push(`<a href="${v}">${k}</a>`);
+                    urls.push(`<a href="${v}">${URL_KEY_MAP[k]}</a>`);
                 }
                 infoContainer.innerHTML += `<b>URLs</b>: ${urls.join(', ')}<br><hr>`;
-                infoContainer.innerHTML += `<small><b>Relative Reports</b>: ${infos.reports.rel_by_ip4} (by IPv4)</small><br>`;
+                infoContainer.innerHTML += `<small><b>Relative Reports</b>: ${infos.reports.relative_by_ipv4} (by IPv4)</small><br>`;
                 for (let [k, v] of Object.entries(infos.reports)) {
-                    if (k == 'rel_by_ip4') {
+                    if (k == 'relative_by_ipv4') {
                         continue;
                     }
                     infoContainer.innerHTML += `<small><b>Reports ${k}</b>: ${numberWithDot(v)}</small><br>`;
@@ -118,11 +120,11 @@
                     for (let [asn, values] of Object.entries(resp)) {
                         data.push({
                             asn: asn, info: values.info, kind: values.kind, reports: values.reports,
-                            sortBy: values.reports.all,
+                            sortBy: values.reports.sum,
                         })
                     }
 
-                    const sortedData = data.sort((a, b) => b.reports.all - a.reports.all).slice(0, TOP_N);
+                    const sortedData = data.sort((a, b) => b.reports.sum - a.reports.sum).slice(0, TOP_N);
                     console.log(sortedData);
 
                     const colorScale = d3.scaleOrdinal()
@@ -165,7 +167,7 @@
                         .text(d => JSON.stringify(d.data));
 
                     for (let b of document.querySelectorAll(".bubble")) {
-                        b.addEventListener("mouseover", showASNInfos);
+                        b.addEventListener("click", showASNInfos);
                     }
 
                 });

visualization/asn_chart_example.webp

@@ -17,6 +17,9 @@
                 font-weight: bold;
                 transform
             }
+            .net:hover {
+                cursor: pointer;
+            }
 
             .net-cidr {
                 display: inline-block;
@@ -58,7 +61,7 @@
             const WIDTH = window.innerWidth;
             const HEIGHT = window.innerHeight - 50;
             const NET_PAD = 5;
-            const CATEGORIES = ['all', 'bot', 'probe', 'rate', 'attack', 'crawler'];
+            const CATEGORIES = ['sum', 'bot', 'probe', 'rate', 'attack', 'crawler'];
             const COLORSCHEME = [
                 // red-ish
                 "#B93022", "#FF383D", "#D32669", "#C43F03", "#E70291", "#E211C0", "#6A3D52", "#C75839", "#E7A8B0",
@@ -70,6 +73,13 @@
                 "#E37F6F", "#C5824E", "#FDCA29", "#D99620", "#E7C014", "#F9C630", "#F6BC55", "#B9AB58", "#DB8E94",
                 "#D27E7E",
             ];
+            const URL_KEY_MAP_NET = {
+                'asn': 'OXL RiskDB ASN',
+                'net': 'OXL RiskDB Network',
+                'ipinfo_1': 'IPInfo Network-IP',
+                'ipinfo_2': 'IPInfo Network-Range',
+                'ipinfo_asn': 'IPInfo ASN',
+            }
 
             function numberWithDot(x) {
                 return x.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ".");
@@ -87,6 +97,9 @@
                 infoContainer.innerHTML += `<b>Reputation</b>: ${infos.reputation.toUpperCase()}<br>`;
                 infoContainer.innerHTML += `<b>ASN</b>: ${infos.asn}<br>`;
                 infoContainer.innerHTML += `<b>Org</b>: ${infos.as_name}<br>`;
+                if (infos.kind.length > 0) {
+                    infoContainer.innerHTML += `<b>Kind</b>: ${infos.kind.join(', ')}<br>`;
+                }
 
                 if (infos.country !== undefined) {
                     infoContainer.innerHTML += `<b>Country</b>: ${infos.country}<br>`;
@@ -114,7 +127,7 @@
                         .parentId(function(d) { if (d.name == 'root') { return null } else { return 'root' }; })
                         (data.children);
 
-                    root.sum(function(d) { return +d.all })
+                    root.sum(function(d) { return +d.sum })
 
                     d3.treemap()
                         .size([WIDTH, HEIGHT])
@@ -159,7 +172,7 @@
                         let c = n.querySelectorAll("text")[0];
                         c.setAttribute("transform", `translate(${r.x.baseVal.value + NET_PAD}, ${r.y.baseVal.value + NET_PAD + 30})`);
 
-                        n.addEventListener("mouseover", showNetInfos);
+                        n.addEventListener("click", showNetInfos);
                     }
 
                 });

visualization/net_tree.html

@@ -11,7 +11,6 @@
 
 SRC_PATH = Path(__file__).resolve().parent
 TOP_N = 30
-CATEGORIES = ['sum', 'bot', 'probe', 'rate', 'attack', 'crawler']
 
 # todo: add change to last month
 DATA = {
@@ -49,20 +48,17 @@ def main():
                 'name': net,
                 'asn': asn,
                 'as_name': as_name,
-                'url': {
-                    'riskdb_asn': f'https://risk.oxl.app/api/asn/{asn}',
-                    'riskdb_net': f'https://risk.oxl.app/api/net/{ip}',
-                    'ipinfo': f'https://ipinfo.io/{ip}',
-                    'ipinfo_asn': f'https://ipinfo.io/AS{asn}',
-                },
                 **infos,
             }
+            data['url']['net'] = f'https://risk.oxl.app/api/net/{asn}'
+            data['url']['ipinfo_asn'] = f'https://ipinfo.io/AS{asn}'
+            reports = data.pop('reports')
+            data = {**data, **reports}
 
-            if 'country' in ip_md:
-                data['country'] = ip_md['country']
+            if 'country_code' in ip_md:
+                data['country'] = ip_md['country_code']
 
             DATA['children'].append(data)
-
             i += 1
 
     with open(SRC_PATH / 'net_tree.json', 'w', encoding='utf-8') as f:
@@ -71,7 +67,7 @@ def main():
 
 if __name__ == '__main__':
     parser = ArgumentParser()
-    parser.add_argument('-a', '--asn-db', help='MMDB ASN data to use (OXL/IPInfo)', default='country_asn.mmdb')
+    parser.add_argument('-a', '--asn-db', help='MMDB ASN data to use (OXL/IPInfo)', default='ipinfo_lite.mmdb')
     parser.add_argument('-n', '--file-net', help='IPv4 or IPv6 JSON file to parse', default='risk_net4_med.json')
     args = parser.parse_args()
     main()

visualization/net_tree.py

@@ -95,6 +95,6 @@ def main():
     parser = ArgumentParser()
     parser.add_argument('-4', '--file-ip4', help='IPv4 JSON file to parse', default='risk_ip4_med.json')
     parser.add_argument('-6', '--file-ip6', help='IPv6 JSON file to parse', default='risk_ip6_med.json')
-    parser.add_argument('-c', '--country-db', help='MMDB country data to use (IPInfo)', default='country_asn.mmdb')
+    parser.add_argument('-c', '--country-db', help='MMDB country data to use (IPInfo)', default='ipinfo_lite.mmdb')
     args = parser.parse_args()
     main()