Beispiel #1
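def look(iplist):
    """Look up every address in ``iplist`` and print one summary line per IP.

    Each line shows the announced prefix, the IP, the country code and the
    owner, read from the records returned by ``Client.lookupmany_dict``.
    Nothing is returned; a failed lookup is reported on stdout.

    NOTE(review): ``Client`` is not defined in this snippet -- presumably
    ``cymruwhois.Client``; confirm against the file's imports.
    """
    time.sleep(2)  # fixed pause before the client is created
    c = Client()
    try:
        if iplist is not None:
            print('here after !=None')
            print(iplist)
            time.sleep(2)
            # One bulk query for the whole list; the result is indexed by IP.
            r = c.lookupmany_dict(iplist)
            for ip in iplist:
                time.sleep(2)  # pause before each printed record
                print(" ip here " + ip)
                record = r[ip]
                net = record.prefix
                owner = record.owner
                cc = record.cc
                line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)
                print(line)
    except Exception as e:
        # Catch Exception rather than everything, so Ctrl-C during the sleeps
        # still interrupts, and report the failure so an empty result is not
        # mistaken for "no data".
        print(e)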
Beispiel #2
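def look(iplist):
    """Print one line per IP in ``iplist``: IP, prefix, country code, owner.

    The records come from a single ``Client.lookupmany_dict`` call and are
    indexed by IP. Nothing is returned; a failed lookup is reported on stdout.
    """
    c = Client()
    try:
        # One bulk query for the whole list.
        r = c.lookupmany_dict(iplist)
        for ip in iplist:
            record = r[ip]
            net = record.prefix
            owner = record.owner
            cc = record.cc
            # Column order in this variant is IP first, then prefix.
            line = '%-20s # - %15s (%s) - %s' % (ip, net, cc, owner)
            print(line)
    except Exception as e:
        # Report the failure instead of discarding it; a silent return would
        # look the same as an empty lookup result.
        print(e)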
Beispiel #3
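def look(iplost):
    """Print one line per IP in ``iplost``: prefix, IP, country code, owner.

    The parameter keeps its original spelling so keyword callers are not
    broken; it is the list of IP addresses to look up. The body reads the
    parameter itself, not the undefined names ``ips`` / ``iplist``.
    Nothing is returned; a failed lookup is reported on stdout.
    """
    c = Client()
    try:
        if iplost is not None:
            # One bulk query for the whole list; the result is indexed by IP.
            r = c.lookupmany_dict(iplost)
            for ip in iplost:
                record = r[ip]
                net = record.prefix
                owner = record.owner
                cc = record.cc
                line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)
                print(line)
    except Exception as e:
        # Surface errors: swallowing them is what hides mistakes such as a
        # misspelled variable name behind a silent no-op.
        print(e)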
Beispiel #4
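def look(ip_list):
    """Print a two-line summary per IP in ``ip_list``, followed by a rule.

    First line: prefix and the IP as reported in the record; second line:
    country code and owner. Records come from one ``Client.lookupmany_dict``
    call. Nothing is returned; a failed lookup is printed to stdout.
    """
    # Indentation is spaces only: mixing tabs and spaces in one body is
    # rejected by Python 3 and by ``python -tt``.
    c = Client()
    try:
        r = c.lookupmany_dict(ip_list)
        for ip in ip_list:
            record = r[ip]
            pt = (record.prefix + " ------> " + record.ip + "\n" +
                  record.cc + "\t" + record.owner)
            print(pt + "\n" + "-" * 60)
    except Exception as e:
        print(e)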
Beispiel #5
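def look(iplist):
    """Print one line per IP in ``iplist``: prefix, IP, country code, owner.

    The records come from a single ``Client.lookupmany_dict`` call and are
    indexed by IP. Nothing is returned; a failed lookup is reported on stdout.
    """
    c = Client()
    try:
        # Guard on the parameter itself; testing the undefined name ``ips``
        # raises NameError before any lookup is made.
        if iplist is not None:
            r = c.lookupmany_dict(iplist)
            for ip in iplist:
                record = r[ip]
                net = record.prefix
                owner = record.owner
                cc = record.cc
                line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)
                print(line)
    except Exception as e:
        # Report the failure; a silent return hides both network errors and
        # programming mistakes.
        print(e)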
def net_lookup(ips):
    """Print IP, prefix, country code and owner for each distinct IP in ``ips``.

    Duplicates are dropped before the bulk ``Client.lookupmany_dict`` query.
    Any exception raised along the way is printed instead of propagated.
    """
    try:
        whois = Client()
        unique_ips = list(set(ips))  # each address is queried once
        records = whois.lookupmany_dict(unique_ips)
        for addr in unique_ips:
            entry = records[addr]
            net = entry.prefix
            owner = entry.owner
            cc = entry.cc
            print('%-20s # - %15s (%s) - %s' % (addr, net, cc, owner))
    except Exception as err:
        print(err)
def net_lookup(ips):
    """Look up the distinct addresses in ``ips`` and print one line for each.

    Output columns are IP, prefix, country code and owner. Errors from the
    lookup (or from a missing record) are printed, not raised.
    """
    try:
        client = Client()
        distinct = list(set(ips))  # collapse repeated addresses
        by_ip = client.lookupmany_dict(distinct)
        for address in distinct:
            info = by_ip[address]
            prefix, owner, country = info.prefix, info.owner, info.cc
            summary = '%-20s # - %15s (%s) - %s' % (
                address, prefix, country, owner)
            print(summary)
    except Exception as problem:
        print(problem)
def net_lookup(ips, results_file):
    """Report the distinct prefixes (CIDRs) that the addresses in ``ips`` fall in.

    The comma-separated list is printed and, when ``results_file`` is truthy,
    also written to it followed by a newline. Any exception is printed
    instead of propagated.
    """
    try:
        whois = Client()
        unique_ips = list(set(ips))  # each address is queried once
        records = whois.lookupmany_dict(unique_ips)
        prefixes = [records[addr].prefix for addr in unique_ips]
        # Several addresses can share a prefix; report each prefix once.
        cidr_results = ", ".join(list(set(prefixes)))
        message = "[+] Found Results in CIDRs: " + cidr_results
        print(message)
        if results_file:
            results_file.write(message + "\n")
    except Exception as err:
        print(err)
Beispiel #9
def build_ip_db(unique_ips):
    ''' Fill the on-disk IP database with the addresses seen in the server logs.

        unique_ips: set of IPs that were seen in the server logs
        Returns: the open shelf, mapping each IP to a dict with the keys
                 'isp_name', 'latitude' and 'longitude'
    '''
    whois_client = Client()
    # NOTE: shelve stores its values with pickle, so ip.db must only ever be a
    # file this program wrote itself; keep data_dir writable by trusted users
    # only. The shelf also grows with every run and may become very large.
    ip_db = shelve.open(opj(data_dir, 'ip.db'))
    # Addresses already stored by a previous run are not fetched again.
    pending = [ip for ip in unique_ips if ip not in ip_db]
    ips_fetching = 'Fetching info for this many IPs: {}'.format(len(pending))
    print(ips_fetching)
    logging.info(ips_fetching)
    # Query in batches of at most 10,000 addresses.
    for batch in split_list_into_chunks(pending, 10000):
        looked_up = whois_client.lookupmany_dict(batch)
        for ip_addr, ip_info_dict in looked_up.iteritems():
            # NOTE: the coordinates add to the size of every stored entry.
            lat, lon = get_lat_and_long(ip_addr)
            entry = {'isp_name': ip_info_dict.owner,
                     'latitude': lat,
                     'longitude': lon}
            ip_db[ip_addr] = entry
    return ip_db
#!/usr/bin/python
from cymruwhois import Client
import sys

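# Log file location is hard coded; change it to suit the environment.
source = []
with open('/var/log/honeypot/honeyd.log', 'r') as logfile:
    for line in logfile:
        fields = line.split(' ')
        # The log content is shaped by whoever talks to the honeypot, so a
        # short or malformed line must not abort the whole report.
        # NOTE(review): field 3 is taken to be the source address -- confirm
        # against the honeyd log format in use.
        if len(fields) > 3:
            source.append(fields[3])

src_country = []
src_count = []
c = Client()

# De-duplicate first, so each source address is looked up (and counted) once.
results = c.lookupmany_dict(set(source))

for res in results:
    country = results[res].cc
    if country in src_country:
        src_count[src_country.index(country)] += 1
    else:
        src_country.append(country)
        src_count.append(1)

# zip() walks every tally, including the last country in the list.
for country, count in zip(src_country, src_count):
    sys.stdout.write("%s:\t%i\n" % (country, count))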