import requests
import json# 微步API的URL和你的API密钥
API_URL = "https://api.threatbook.cn/v3/ip/query"
API_KEY = "***"  # 替换为你的微步API密钥
def query_threatbook(ip):"""查询微步API接口，判断IP是否为可疑"""# 构造请求参数params = {"apikey": API_KEY,"resource": ip,  # 查询的目标IP"lang": "zh",    # 语言设置为中文}try:# 发送GET请求response = requests.get(API_URL, params=params)response.raise_for_status()  # 检查请求是否成功result = response.json()  # 解析返回的JSON数据return resultexcept requests.exceptions.RequestException as e:print(f"请求微步API失败: {e}")return Nonedef summarize_result(result, ip):"""根据API返回结果总结是否为可疑IP"""if not result:print("API返回结果为空，请检查API密钥和网络连接。")return# 检查API响应结构if "data" not in result:print("API响应中缺少 'data' 字段，请检查API接口或输入的IP地址。")returndata = result["data"]ip_info = data.get(ip, {})# 提取威胁情报和标签信息judgments = ip_info.get("judgments", [])  # 威胁标签intelligences = ip_info.get("intelligences", {}).get("threatbook_lab", [])  # 情报信息basic_info = ip_info.get("basic", {})  # 基础信息（如运营商、地理位置）ports = ip_info.get("ports", [])  # 开放端口信息# 展示基础信息print("\n🔍 IP 基础信息:")if basic_info:carrier = basic_info.get("carrier", "未知")location = basic_info.get("location", {})country = location.get("country", "未知")province = location.get("province", "未知")city = location.get("city", "未知")print(f"  - 运营商: {carrier}")print(f"  - 地理位置: {country} {province} {city}")else:print("  - 无基础信息")# 展示威胁标签print("\n⚠️ 威胁标签:")if judgments:for tag in judgments:print(f"  - {tag}")else:print("  - 无威胁标签")# 展示详细情报信息print("\n🔍 详细情报信息:")if intelligences:for intel in intelligences:source = intel.get("source", "未知")confidence = intel.get("confidence", "未知")expired = "已过期" if intel.get("expired") else "未过期"intel_types = ", ".join(intel.get("intel_types", []))print(f"  - 来源: {source}, 置信度: {confidence}, 状态: {expired}, 类型: {intel_types}")else:print("  - 无详细情报信息")# 展示开放端口信息print("\n🔍 开放端口信息:")if ports:for port_info in ports:port = port_info.get("port", "未知")module = port_info.get("module", "未知")print(f"  - 端口: {port}, 协议: {module}")else:print("  - 无开放端口信息")# 安全性总结print("\n✅ 安全性总结:")if judgments:print(f"  - 该IP被标记为 **可疑**，威胁标签包括: {', '.join(judgments)}")else:print(f"  - 该IP **未被标记为可疑**，暂未发现威胁标签。")def main():"""主函数，查询用户输入的IP是否为可疑"""# 用户输入ip = input("请输入要查询的IP地址: ").strip()# 查询微步APIresult = query_threatbook(ip)# 总结并展示结果if result:summarize_result(result, ip)else:print("查询失败，请检查API密钥和网络连接。")if __name__ == "__main__":main()

通过微步API接口对单个IP进行查询效果，其实还可以弄成批量的。我发现反复查询同一个IP,查一次算一次，所以得注意，批量我也测试了，好用，就是费钱。