feat: add wave 3 local database plugins

GeoIP and ASN lookup via MaxMind GeoLite2 mmdb, Tor exit node check against local bulk exit list, IP reputation via Firehol/ET blocklist feeds, and CVE lookup against local NVD JSON mirror. Includes cron-friendly update script (scripts/update-data.sh) for all data sources and make update-data target. GeoLite2 requires a free MaxMind license key; all other sources are freely downloadable. Plugins: geoip, asn, torcheck, iprep, cve Commands: !geoip, !asn, !tor, !iprep, !cve Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 02:38:13 +01:00
parent cf3abbdbae
commit 23b4d6f2a4
13 changed files with 995 additions and 8 deletions
--- a/docs/CHEATSHEET.md
+++ b/docs/CHEATSHEET.md
@@ -121,6 +121,28 @@ IRC operators are auto-detected via WHO. Hostmask patterns use fnmatch.
 !blacklist 1.2.3.4             # DNSBL reputation check
 ```

+## Intelligence (local databases)
+
+```
+!geoip 8.8.8.8                # GeoIP: city, country, coords, tz
+!asn 8.8.8.8                  # ASN: number + organization
+!tor 1.2.3.4                  # Check Tor exit node
+!tor update                   # Download exit list
+!iprep 1.2.3.4                # Firehol/ET blocklist check
+!iprep update                 # Download blocklist feeds
+!cve CVE-2024-1234            # Lookup specific CVE
+!cve search apache rce         # Search CVE descriptions
+!cve update                   # Download NVD feed (slow)
+!cve stats                    # Show index size
+```
+
+### Data Setup
+
+```bash
+./scripts/update-data.sh                        # Update tor + iprep
+MAXMIND_LICENSE_KEY=xxx ./scripts/update-data.sh # + GeoLite2
+```
+
 ## Random

 ```