Introducing sikker CLI — IP Threat Intelligence From Your Terminal

We just shipped sikker, a command-line tool that wraps the entire SikkerAPI into a handful of terminal commands. It's open source, MIT licensed, and available right now.

Why a CLI?

Not everything belongs in a browser. If you're managing firewalls, writing deployment scripts, or triaging alerts in a terminal — switching to a web dashboard breaks your flow. The sikker CLI keeps you where you already are.

$ sikker check 185.220.101.34

  IP            185.220.101.34
  Confidence    92
  First seen    2025-11-03
  Last seen     2 hours ago
  Sessions      1,847
  Country       DE
  Protocols     SSH, HTTP, FTP

One command. No browser. No API wrangling.

What It Does

Every API endpoint we offer is available as a CLI command:

• `sikker check <ip>` — Look up any IP against our threat intelligence database. Get confidence scores, attack history, protocols, geolocation, and detected behaviors.

• `sikker blacklist` — Download scored IP blacklists filtered by country, ASN, protocol, severity, or IP version. Use --plaintext for firewall-ready output.

• `sikker report <ip>` — Report malicious IPs to the community threat database. Choose from 16 attack categories.

• `sikker bulk-report <file>` — Submit up to 10,000 reports from a CSV or JSON file in one command.

• `sikker taxii list` / `sikker taxii get <ip>` — Query STIX 2.1 threat intelligence feeds directly from the terminal.

Built for Automation

Three flags make the CLI useful in scripts:

--fail-above — Exit codes for CI/CD

$ sikker check $DEPLOY_IP --fail-above 50 \
    || echo "Blocked: suspicious source"

If the confidence score meets or exceeds your threshold, the command exits with code 1. Your existing shell logic handles the rest.

--plaintext — Bare IPs for firewalls

$ sikker blacklist --score-min 80 --plaintext > /etc/blocklist.txt

One IP per line. No headers, no formatting. Pipe it to iptables, ipset, or any blocklist consumer.

--json — Machine-readable output

$ sikker check 1.2.3.4 --json | jq '.confidenceLevel'

Raw JSON for scripting, logging, or feeding into other tools.

Install in 10 Seconds

npm (recommended)

$ npm install -g @sikkerapi/cli

Run without installing

$ npx @sikkerapi/cli check 1.2.3.4

Pre-built binaries for Linux, macOS, and Windows (x64 + arm64) are automatically selected for your platform. See the [link=/docs/cli]CLI documentation page[/link] or the https://www.npmjs.com/package/@sikkerapi/cli npm package for details.

Getting Started

Save your API key once, then every command just works:

$ sikker auth sk_free_abc123...
  API key saved.

$ sikker check 8.8.8.8

Don't have a key yet? The free tier includes 100 lookups, 50 reports, and 10,000 blacklist IPs per day.

Practical Examples

Update your firewall blocklist every hour

$ crontab -e
0 * * * * sikker blacklist --score-min 80 --plaintext > /etc/blocklist.txt

Block SSH brute-forcers from specific countries

$ sikker blacklist \
    --protocols ssh \
    --only-countries CN,RU \
    --score-min 75 \
    --plaintext \
  | while read ip; do
      iptables -A INPUT -s $ip -j DROP
    done

Gate deployments in CI/CD

$ GitHub Actions
steps:
  - run: sikker check ${{ github.event.sender.ip }} --fail-above 50
    env:
      SIKKERAPI_KEY: ${{ secrets.SIKKERAPI_KEY }}

Open Source

The CLI is MIT licensed and available on https://www.npmjs.com/package/@sikkerapi/cli.

Full documentation with all flags, every command, and more automation examples is on the CLI docs page.