TMon is a small tool that monitors current online threat levels. It shows a green, yellow, or red level indicator, along with information about the top attacked ports and countries. It also provides information about the unique attacking sources (IPs).
The script gathers its information from the DShield API provided by SANS.
These are the modules used by TMon:
- argparse
- datetime
- ConfigParser
- time
- requests
- os
- fcntl
- termios
- struct
- sys
- termcolor
- json
- pygeoip
- IPy
Planned additions:
- Add more port services
- Add functionality for update snapshots
- Add single snapshot functionality (instead of continuous monitoring)
- Add attack difference display to see if anything has changed since the last update
Before you can start using TMon, you need to do the following:
- Download and extract GeoIP.dat from MaxMind (direct download)
- Rename config-dist.cfg to config.cfg
- Change the value of filepath under the geolocation section to point to your GeoIP.dat file
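To confirm the three setup steps above took effect before starting the monitor, a pre-flight check along these lines can be run. This is an added example, not part of TMon; the function name check_setup, the Python 3 configparser module, and the tolerance for quoted values and a leading ~ are assumptions made here.

```python
# Added example (not part of TMon): pre-flight check for the setup steps.
import configparser
import os
import sys


def check_setup(cfg_path="config.cfg"):
    """Return a list of setup problems; an empty list means the steps are done."""
    if not os.path.isfile(cfg_path):
        return [cfg_path + " is missing: rename config-dist.cfg to config.cfg"]

    # interpolation=None so a '%' in a file path is not treated as a reference
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(cfg_path)
    except configparser.Error as exc:
        return ["cannot parse %s: %s" % (cfg_path, exc)]

    if not parser.has_option("geolocation", "filepath"):
        return ["no filepath value under the geolocation section"]

    # Assumption: surrounding quotes and a leading '~' are tolerated here;
    # how TMon itself treats them is not stated in this README.
    raw = parser.get("geolocation", "filepath").strip("\"' ")
    db_path = os.path.expanduser(raw)
    if not os.path.isfile(db_path):
        return ["filepath does not point to a file: " + db_path]
    if not os.access(db_path, os.R_OK):
        return ["GeoIP database is not readable by this user: " + db_path]

    with open(db_path, "rb") as handle:
        magic = handle.read(2)
    if magic == b"":
        return ["GeoIP database is empty: " + db_path]
    if magic == b"\x1f\x8b":  # gzip magic bytes: the download was never extracted
        return ["file is still gzip-compressed, extract it first: " + db_path]
    return []


if __name__ == "__main__":
    found = check_setup(sys.argv[1] if len(sys.argv) > 1 else "config.cfg")
    for problem in found:
        print("[-] " + problem)
    if not found:
        print("[+] config.cfg and GeoIP.dat look ready")
    sys.exit(1 if found else 0)
```

A relative filepath is resolved against the current working directory, so run the check from the directory TMon will be started in.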
-h, --help show this help message and exit
--interval SEC Update interval. Use this to overrive the value in the
configurations
--flush-log Flush log on start
--debug Enable debug mode
--max-ports # Max number of ports to display
--max-ips # Max number of sources to display
--max-countries # Max number of countries to display
--status-only Only display current threat status
usage: tmon.py [-h] [--interval SEC] [--flush-log] [--debug] [--max-ports #]
[--max-ips #] [--max-countries #] [--status-only]
2018-12-08
[+] Fixed a bug with ljust on int
2016-01-28
[+] Fixed bugs
[+] Added new command line options
2015-03-16
[+] Initial release