MCPcopy Index your code
hub / github.com/bekkaze/abusebox

github.com/bekkaze/abusebox @v1.1.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.1.2 ↗ · + Follow
310 symbols 948 edges 94 files 14 documented · 5%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

AbuseBox Logo

AbuseBox

Open-source threat monitoring toolkit for IPs, domains, and servers.

Check blacklists, query AbuseIPDB, inspect DNS/SSL/DMARC records, scan subnets, and verify server uptime — all from one dashboard.

License: MIT GitHub release GitHub stars


Screenshots

Landing Page — instant blacklist check from the homepage

Landing page

Dashboard — monitoring summary with stats and history charts

Dashboard

Assets — card-based view of all monitored hostnames with check badges

Assets

Asset Detail — tabbed results for every enabled check (Blacklist, AbuseIPDB, DNS, SSL, WHOIS, DMARC, Server Status)

Asset detail


Why AbuseBox?

Most blacklist tools check one thing at a time. AbuseBox gives you a single pane of glass to:

  • Scan 60+ DNSBL providers in seconds
  • Get AbuseIPDB reputation scores alongside blacklist results
  • Run bulk checks on up to 20 IPs/domains at once
  • Scan entire subnets (CIDR /24) for blacklisted IPs
  • Pull WHOIS, DNS records, and SSL certificate details with one click
  • Validate SPF / DKIM / DMARC email authentication
  • Check if a server is up or down with DNS, port, and HTTP checks
  • Register assets and run all checks with configurable toggles
  • Schedule periodic checks with email and webhook alerts
  • Export results to CSV and track history with charts
  • Switch between light and dark mode

No vendor lock-in. No paid tiers. Self-host it and own your data.


Features

Feature Description Auth required
Blacklist Quick Check Scan hostname/IP against 60+ DNSBL providers No
Bulk Check Check up to 20 IPs/domains in a single request No
Subnet / CIDR Check Scan an entire IP range (max /24) against key DNSBL providers No
AbuseIPDB IP reputation score, abuse reports, ISP & geolocation No
WHOIS Lookup Domain registrar, dates, name servers, registrant info No
DNS Record Viewer A, AAAA, MX, TXT, CNAME, NS, SOA, PTR records No
SSL Certificate Checker Validity, expiry, issuer, cipher, SAN list No
SPF / DKIM / DMARC Email authentication validation with A-F grading No
Is Server Up? DNS resolution, port scan (80/443), HTTP status & response time No
CSV Export Download blacklist and subnet results as CSV No
Bulk Asset Import Create up to 50 assets in one API request Yes
CIDR Import Import an IP range (max /24) as monitored assets from the UI Yes
Assets Register domains/IPs and run all checks with per-asset toggles Yes
Asset Detail View Tabbed results for every check type with summary cards Yes
Scheduled Monitoring Automatic periodic re-checks with email/webhook alerts Yes
Historical Charts Visual blacklist history per monitored asset Yes
Re-check Asset Re-run all enabled checks on any asset with one click Yes
Delist Workflow Request delisting from supported providers Yes
Search & Filter Search assets by hostname/type, filter by clean/listed status Yes
Auto-refresh Configurable auto-refresh (30s/1m/5m) on Dashboard and Assets Yes
Copy to Clipboard One-click copy on IPs, DNS records, WHOIS data, SSL details -
Relative Timestamps "2 hours ago" with full datetime tooltip on hover -
Dark Mode Toggle between light and dark themes, persisted to localStorage -
Responsive Layout Collapsible sidebar with hamburger menu on mobile -
Favicon Alert Red badge on favicon when any asset is blacklisted -
API Documentation Swagger UI & ReDoc for all endpoints No

Quick Start

Docker (recommended)

git clone https://github.com/bekkaze/abusebox
cd abusebox
cp backend/.env.example .env    # configure your settings
docker compose up --build

Open http://localhost:3000 and you're ready to go.

Default login: admin / password123

Manual Setup

Click to expand

Prerequisites: Python 3.11+, Node.js 18+, Yarn

Backend:

cd backend
cp .env.example .env
pip install -r requirements.txt
uvicorn app.main:app --host 0.0.0.0 --port 8100 --reload

Frontend (new terminal):

cd frontend
cp .env.example .env
yarn install
yarn dev

Open http://localhost:3000.


Configuration

Create a .env file in the project root (Docker reads it automatically):

APP_SECRET_KEY=replace-this-secret
APP_DEBUG=true
APP_CORS_ALLOWED_ORIGINS=http://localhost:3000
DATABASE_URL=sqlite:///./app.db

# Default admin credentials
DEFAULT_ADMIN_USERNAME=admin
DEFAULT_ADMIN_PASSWORD=password123
DEFAULT_ADMIN_EMAIL=admin@abusebox.local
DEFAULT_ADMIN_PHONE=11111111

# Optional: AbuseIPDB (free key at https://www.abuseipdb.com/account/api)
ABUSEIPDB_API_KEY=

# Scheduled monitoring
SCHEDULER_ENABLED=false
SCHEDULER_INTERVAL_MINUTES=360

# Email alerts (optional)
SMTP_HOST=
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_EMAIL=
SMTP_USE_TLS=true

# Webhook alerts (optional)
WEBHOOK_URL=
Variable Description Required
APP_SECRET_KEY JWT signing secret (change in production) Yes
APP_DEBUG Enable debug mode No
DATABASE_URL Database connection string (SQLite default) No
ABUSEIPDB_API_KEY Enables AbuseIPDB reputation checks No
SCHEDULER_ENABLED Enable periodic background checks No
SCHEDULER_INTERVAL_MINUTES Check interval in minutes (default: 360) No
SMTP_HOST SMTP server for email alerts No
WEBHOOK_URL Webhook URL for blacklist alert POSTs No

DNS Records, SSL Checker, WHOIS, SPF/DKIM/DMARC, and Server Status work out of the box with no API keys.

Frontend config (frontend/.env):

Variable Description
VITE_BASE_URL Backend URL for Vite proxy (default: http://localhost:8100)

API Endpoints

All tool endpoints are public (no auth required):

GET /blacklist/quick-check/?hostname=example.com
GET /tools/abuseipdb/?hostname=8.8.8.8
GET /tools/whois/?hostname=example.com
GET /tools/dns/?hostname=example.com
GET /tools/ssl/?hostname=example.com
GET /tools/email-security/?hostname=example.com
GET /tools/server-status/?hostname=example.com
GET /tools/subnet/?cidr=192.168.1.0/24
GET /tools/bulk-check/?hostnames=example.com,8.8.8.8
GET /tools/export/blacklist/?hostname=example.com
GET /tools/export/subnet/?cidr=192.168.1.0/24
POST /hostname/bulk/                      # (auth required)
POST /hostname/cidr-import/               # (auth required)
POST /hostname/{id}/recheck/              # (auth required)

Full interactive docs available after startup:

  • Swagger UI: http://localhost:8100/swagger/
  • ReDoc: http://localhost:8100/redoc/

Tech Stack

Layer Technology
Backend FastAPI, SQLAlchemy, JWT (python-jose), dnspython
Frontend React 18, Vite 6, Tailwind CSS, Mantine, Recharts
Database SQLite (swappable via DATABASE_URL)
Deployment Docker + Docker Compose

Project Structure

abusebox/
├── backend/
│   └── app/
│       ├── api/routers/       # auth, blacklist, hostname, tools
│       ├── core/              # config, JWT security
│       ├── db/                # SQLAlchemy session, seed data
│       ├── models/            # ORM models
│       ├── schemas/           # Pydantic schemas
│       └── services/          # dnsbl, abuseipdb, whois, dns, ssl,
│                              # email security, subnet, export,
│                              # check runner, notifications, scheduler
├── frontend/
│   └── src/
│       ├── pages/             # Landing, Login, Assets, AssetDetail,
│       │                      # Dashboard, Check & Lookup tools
│       ├── components/        # Reusable UI (shared: Skeleton, CopyButton,
│       │                      # TimeAgo, AutoRefresh, ErrorBoundary)
│       ├── services/          # API client functions, auth, theme
│       └── routes/            # React Router config
├── docker-compose.yml
└── .env

Releases

Version Date Highlights
v1.1.2 March 26, 2026 Bulk asset import, CIDR import, auto-refresh auth, persistent DB, DNSBL false positive fix, community bug fixes
v1.1.1 March 25, 2026 UX polish, responsive mobile layout, asset re-check, code splitting, security fixes
v1.1.0 March 23, 2026 Asset management, DNS/SSL/DMARC tools, bulk & subnet check, scheduled monitoring, dark mode, 60+ DNSBL providers
v1.0.1 March 19, 2026 AbuseIPDB, WHOIS lookup, server status checker, security hardening
v1.0.0 March 2, 2026 Initial release — DNSBL monitoring, dashboard, delist workflow

See CHANGELOG.md for full details.


Contributing

Contributions are welcome! Please read CONTRIBUTING.md before submitting a PR.

License

MIT — see LICENSE for details.


If AbuseBox helps you, consider giving it a star!

GitHub stars

Core symbols most depended-on inside this repo

_text
called by 19
backend/app/services/dmarc_parser.py
go
called by 9
frontend/src/components/landing/Navbar.jsx
handleRequestError
called by 8
frontend/src/services/tools/index.jsx
useAuth
called by 8
frontend/src/services/auth/authProvider.jsx
getTabData
called by 7
frontend/src/pages/dashboard/ViewReport.jsx
fetchHostnameList
called by 7
frontend/src/pages/dashboard/BlacklistMonitor.jsx
getTabData
called by 7
frontend/src/pages/dashboard/AssetDetail.jsx
_to_hostname_response
called by 5
backend/app/api/routers/hostname.py

Shape

Function 250
Route 31
Class 23
Method 6

Languages

TypeScript55%
Python45%

Modules by API surface

backend/app/api/routers/tools.py20 symbols
backend/app/api/routers/hostname.py19 symbols
frontend/src/pages/dashboard/AssetDetail.jsx17 symbols
frontend/src/pages/dashboard/ViewReport.jsx12 symbols
frontend/src/services/tools/index.jsx11 symbols
backend/app/api/routers/dmarc.py10 symbols
backend/app/core/security.py9 symbols
frontend/src/pages/dashboard/DmarcReports.jsx8 symbols
frontend/src/services/auth/authProvider.jsx7 symbols
backend/app/schemas/hostname.py7 symbols
frontend/src/services/hostname/index.jsx6 symbols
frontend/src/pages/dashboard/BlacklistMonitor.jsx6 symbols

For agents

$ claude mcp add abusebox \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact