Local IP reputation database

Blackroute

Build a local MaxMind-compatible reputation database. Public feeds in. Clean MMDB out.

GitHub Repository Quick Start Outputs
github.com/ipanalytics/blackroute 
$ ./run.sh

Loaded feeds: 42
Merging IPs and CIDR prefixes...
Writing records...
Building MMDB...

release/blackroute.mmdb

Build complete.

Built for infrastructure teams

Use Blackroute in gateways, SIEM pipelines, fraud checks, proxies, enrichment jobs, VPN analytics, and network reputation workflows.

Local first

Run reputation checks without a remote API call.

Deterministic

Same feeds. Same config. Same output.

Auditable

Every record keeps source and label context.

What Blackroute does

Collects public feeds

Abuse, malware, bot, bogon, Tor, VPN, and high-risk infrastructure sources.

Normalizes IP data

Extracts public IP addresses and CIDR prefixes.

Builds MMDB

Writes a MaxMind-compatible local database.

What Blackroute does not do

No DNS crawling

It does not resolve hostnames or crawl DNS.

No scanning

It does not probe, fingerprint, or scan networks.

No hidden enrichment

Feed data stays explicit and traceable.

Quick Start

Clone the repository and build the local database. 

git clone https://github.com/ipanalytics/blackroute.git
cd blackroute

bash scripts/setup-server.sh
./run.sh
Open Repository

Outputs

blackroute.mmdb

MaxMind-compatible reputation database.

CSV

Simple tabular output for review and joins.

JSONL

Streaming-friendly records for pipelines.

Use cases

Gateway policy

Enrich traffic with local reputation labels.

Fraud signals

Add network context to risk scoring.

SIEM enrichment

Attach source-backed labels to events.

Media summary

Blackroute turns public network abuse intelligence into a local, reproducible MMDB artifact. It is designed for operators who need fast lookups, transparent labels, and no external reputation API dependency.

Star on GitHub ipanalytics on GitHub