Your ultimate IP dex!
ipdex is a simple CLI tool to gather insight about a list of IPs or an IP using the CrowdSec CTI (Cyber Threat Intelligence) API.
- ipdex
ipdex helps analysts and security engineers collect and understand information about IP addresses from CrowdSec CTI.
With this tool you can:
- Check an IP's reputation using CTI
- Scan IP or log files and display detailed reports
- Run CrowdSec Search Queries
- Keep a local history of reports for later inspection
📓 All scanned IPs are cached for 48 hours.
To use ipdex, you must create a CrowdSec Console account in order to create an API key.
-
Create an account (free or paid):
👉 https://app.crowdsec.net/ -
Go to:
👉Settings > CTI API Keys
and generate a new API key.
You will use this key during the configuration initialisation.
If you already have Go installed, you can install ipdex directly from the command line.
⚠️ You need to have Go 1.24+ installed and yourGOPATH/binorGOBINmust be in your system'sPATHenvironment variable to run the binary from anywhere.
go install github.com/crowdsecurity/ipdex/cmd/ipdex@latestThis will download, build, and place the ipdex binary into your $GOBIN directory (usually $HOME/go/bin).
Download the binary for your system from the Releases page.
Print your current PATH environment variable to see the folders already in it:
echo $PATHMove the ipdex binary to one of the folders listed. For example, if /usr/local/bin is in your PATH, you can move the binary like this:
sudo mv ~/Downloads/ipdex_linux_amd64 /usr/local/bin/ipdex
chmod +x /usr/local/bin/ipdexsudo mv ~/Downloads/ipdex_darwin_arm64 /usr/local/bin/ipdex
chmod +x /usr/local/bin/ipdexDownload the binary for your system from the Releases page.
If you're using Windows (or WSL), make sure the folder containing the ipdex.exe binary is added to your system PATH.
To run ipdex from anywhere in your terminal, the binary must be in a folder that's part of your PATH.
ipdex initEnter your API key and set your preferences.
ipdex 1.2.3.4
ipdex ips.txt
ipdex /var/log/nginx.log 
💡 Tip: You can output results in different formats (-o json, -o csv) and save them to files using --output-path. See Output formats and Saving reports to files for more details.
Use the init command to:
- Enter your API key
- Get tips about ipdex
All scanned IPs are cached for 48 hours.
ipdex <IP>
ipdex <IP> -r
ipdex <filepath>
When running ipdex on a file that has been previously scanned, it will update the existing report. Refreshing the file is particularly useful if some IPs are still cached and you wish to refresh the entire report.
ipdex <filepath> -r
ipdex supports multiple output formats to suit different use cases using the -o option:
- human (default): Interactive, colorized output optimized for terminal viewing
- json:
-o jsonMachine-readable JSON format for programmatic processing - csv:
-o csvComma-separated values format for spreadsheet analysis
You can save reports to disk using the --output-path flag. This works with all output formats and automatically creates separate files for the report summary and the detailed IP information (if you used the -d option).
# Save report as CSV files report and details
ipdex ips.txt -o csv -d --output-path /path/to/output
# This creates:
# - /path/to/output/report_<id>.csv (summary statistics)
# - /path/to/output/report_<id>_details.csv (detailed IP information, when using -d flag)
# You can also do it for an existing report
ipdex report show 18 -o csv --output-path /path/to/output -d
**Note:** When using `--output-path`, reports are saved to files in addition to being displayed in the terminal.
### Display all reports
ipdex report list
#### Showing a specific report
ipdex report show # -d to see all IPs
## Commands
### `init`
Setup your configuration for the first time:
```bash
ipdex init
Interactive prompts will help you enter:
- API key (required)
Manage your local reports.
ipdex report list# View a report in human-readable format
ipdex report show 2
# View report with details as CSV and save
ipdex report show 2 -o csv --output-path ./exports -dipdex report delete 2You can find the documentation for search queries here.
By default, the since parameter is set to 30d.
- For the free plan, the page size is limited to
10. - For premium plans, the page size increases to
1000.
ipdex search "cves:CVE-2025-2748"ipdex search 'behaviors.label:"HTTP Scan"' --since 30mipdex search 'classifications.classifications.label:"VPN or Proxy" AND reputation:malicious' --since 1h -dManually view or change your saved config:
ipdex configipdex config showipdex config set --api-key <API-KEY>MIT License — see the LICENSE file.