
@jschell
Created August 15, 2025 22:17
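function Get-ReportAbuseIPDB
{
    <#
    .SYNOPSIS
        Check one or more IpAddresses against AbuseIPDB.com
        Requires AbuseIPDB.com account (free) to create API key.
    .DESCRIPTION
        For every address, calls the AbuseIPDB v2 'check' endpoint in verbose
        mode and emits one flattened result object. The API key is read from
        the 'abuseipdbkey' environment variable and is sent only in the 'Key'
        request header over HTTPS, never in the URI.

        Each input is parsed as an IP address before any request is made, and
        the parsed value is URL-escaped, so a caller-supplied string cannot add
        or override query parameters. Inputs that do not parse, and lookups
        that fail (for example an HTTP error from the API), produce a
        non-terminating error and no result object for that address.
    .PARAMETER IPAddress
        One or more IpAddresses to check against AbuseIPDB.com
    .PARAMETER DaysAgo
        Number of days ago to check history of complaints stored by AbuseIPDB
        (1-365, default 90).
    .OUTPUTS
        One PSCustomObject per successfully checked address. 'Reports' holds the
        individual reports; 'ReportedCategories' is a comma-separated list of
        the distinct category names seen across all of those reports.
    .EXAMPLE
        Get-ReportAbuseIPDB -IPAddress '192.0.2.10' -DaysAgo 30
    .NOTES
        #### Name: Get-ReportAbuseIPDB
        #### Author: J Schell
        #### Version: 0.1.0
        #### License: MIT License
        ### ChangeLog
        ##### 2019-06-26::0.1.0
        - initial creation
        - fixing glaring mistakes pre-release
    #>
    [CmdletBinding()]
    Param
    (
        [string[]]
        $IPAddress,

        [ValidateRange(1,365)]
        [int]
        $DaysAgo = 90
    )

    Begin
    {
        $apiKey = $env:abuseipdbkey
        # Length bounds are a sanity check only; they do not prove the key is valid.
        if( ($apiKey.Length -lt 20) -or ($apiKey.Length -gt 96))
        {
            Throw "API Key not found or unexpected length. Configure with `'Set-Item -path env:abuseipdbkey -value KEYVALUE`'."
        }

        # Category ID -> display name. Keyed by ID so each lookup is direct.
        # The table starts at 3; any ID not listed here is reported as
        # "Unknown (<id>)" instead of being silently dropped.
        $categoryNameById = @{
            3  = "Fraud Orders"
            4  = "DDoS"
            5  = "FTP Brute-Force"
            6  = "Ping of Death"
            7  = "Phishing"
            8  = "Fraud VoIP"
            9  = "Open Proxy"
            10 = "Web Spam"
            11 = "Email Spam"
            12 = "Blog Spam"
            13 = "VPN IP"
            14 = "Port Scan"
            15 = "Hacking"
            16 = "SQL Injection"
            17 = "Spoofing"
            18 = "Brute-Force"
            19 = "Bad Web Bot"
            20 = "Exploited Host"
            21 = "Web App Attack"
            22 = "SSH Secure Shell (SSH) abuse"
            23 = "IoT Targeted"
        }

        $Headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
        $Headers.Add("Key",$apiKey)
        $Headers.Add("Accept","application/json")
    }

    Process
    {
        foreach($ipAddr in $IPAddress)
        {
            # Only values that parse as an IP address are sent. This keeps
            # characters such as '&' or '#' from reshaping the query string.
            # NOTE: IPAddress.TryParse is lenient with short IPv4 forms; the
            # canonical parsed form is what gets queried.
            $parsedAddress = $null
            if( -not [System.Net.IPAddress]::TryParse(([string]$ipAddr).Trim(), [ref]$parsedAddress) )
            {
                Write-Error -Message "Skipping '$ipAddr': not a valid IPv4 or IPv6 address." -Category InvalidArgument -TargetObject $ipAddr
                continue
            }

            $queryIp = [uri]::EscapeDataString($parsedAddress.ToString())
            $uri = "https://api.abuseipdb.com/api/v2/check?ipAddress=$($queryIp)&maxAgeInDays=$($DaysAgo)&verbose"

            # Without the try/catch a failed request would leave $queryResult
            # holding the previous iteration's response, and that stale data
            # would be emitted again as if it were the answer for this address.
            $queryResult = $null
            try
            {
                $queryResult = Invoke-RestMethod -Method Get -Uri $uri -Headers $Headers -ErrorAction Stop
            }
            catch
            {
                Write-Error -Message "AbuseIPDB lookup failed for '$ipAddr': $($_.Exception.Message)" -TargetObject $ipAddr
                continue
            }

            if( ($null -eq $queryResult) -or ($null -eq $queryResult.data) )
            {
                Write-Error -Message "AbuseIPDB returned no data for '$ipAddr'." -TargetObject $ipAddr
                continue
            }
            $data = $queryResult.data

            $reportList = New-Object System.Collections.Generic.List[object]
            # Distinct category names across every report, in first-seen order.
            $seenCategories = New-Object System.Collections.Generic.List[string]

            if($data.reports.count -gt 0)
            {
                foreach($report in $data.reports)
                {
                    $categories = @()
                    foreach($reportCategoryID in $report.categories)
                    {
                        # JSON integers may arrive as Int64; the table keys are Int32.
                        $categoryId = $reportCategoryID -as [int]
                        if( ($null -ne $categoryId) -and $categoryNameById.ContainsKey($categoryId) )
                        {
                            $categoryName = $categoryNameById[$categoryId]
                        }
                        else
                        {
                            $categoryName = "Unknown ($reportCategoryID)"
                        }

                        $categories += @($categoryName)
                        if( -not $seenCategories.Contains($categoryName) )
                        {
                            $seenCategories.Add($categoryName)
                        }
                    }

                    $reportClean = New-Object -TypeName PsObject -Property ([ordered]@{
                        reportDate       = $report.reportedAt
                        reportCategories = $categories
                        reporterID       = $report.reporterId
                    })
                    $reportList.Add($reportClean)
                }
            }

            # Emit as soon as the record is complete; callers receive the same
            # sequence of objects, in input order.
            New-Object -TypeName PsObject -Property ([ordered]@{
                IPAddress            = $data.ipAddress
                PublicAddress        = $data.isPublic
                IPVersion            = $data.ipVersion
                Whitelisted          = $data.isWhitelisted
                AbuseConfidenceScore = $data.abuseConfidenceScore
                UsageType            = $data.usageType
                ISP                  = $data.isp
                Domain               = $data.domain
                CountryCode          = $data.countryCode
                CountryName          = $data.countryName
                ReportsTotal         = $data.totalReports
                ReportsDistinctUsers = $data.numDistinctUsers
                ReportsLastReported  = $data.lastReportedAt
                ReportedCategories   = ($seenCategories -join ',')
                Reports              = $reportList.ToArray()
            })
        }
    }
}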