def whois(ip): data = IPWhois(ip, timeout=15) data = data.lookup_whois() country = data['nets'][0]['country'] city = data['nets'][0]['city'] address = data['nets'][0]['address'] return {'city': city, 'country': country, 'address': address}
def whoIsPrint(ip): try: w = IPWhois(ip) w = w.lookup_whois() addr = str(w['nets'][0]['address']) addr = addr.replace('\n', ', ') print("\n WHO IS REPORT:") print(" CIDR: " + str(w['nets'][0]['cidr'])) print(" Name: " + str(w['nets'][0]['name'])) # print(" Handle: " + str(w['nets'][0]['handle'])) print(" Range: " + str(w['nets'][0]['range'])) print(" Descr: " + str(w['nets'][0]['description'])) print(" Country: " + str(w['nets'][0]['country'])) print(" State: " + str(w['nets'][0]['state'])) print(" City: " + str(w['nets'][0]['city'])) print(" Address: " + addr) print(" Post Code: " + str(w['nets'][0]['postal_code'])) # print(" Emails: " + str(w['nets'][0]['emails'])) print(" Created: " + str(w['nets'][0]['created'])) print(" Updated: " + str(w['nets'][0]['updated'])) except: print("\n IP Not Found - Checking Domains") ip = re.sub('https://', '', ip) ip = re.sub('http://', '', ip) try: s = socket.gethostbyname(ip) print(' Resolved Address: %s' % s) whoIsPrint(s) except: print(' IP or Domain not Found') return
def who_is(addr): ip = IPWhois(addr) results = ip.lookup_rdap() print('ASN Information: \n') for k,v in results.items(): if k.startswith('asn'): print(f'{k}: {v}')
def main(): home = os.path.dirname(os.path.abspath(__file__)) os.chdir(home) with io.open("ip-subnets-unique.txt") as in_file: lines = in_file.readlines() with io.open("ip-subnets-unique-whois.txt", "w") as out_file: out_file.write( u"# Attention! All host counters include broadcast and network addresses.\n\n" ) total_hosts = 0 for line in lines: src = line.strip() if not src: out_file.write(u"\n") continue if src.startswith("#"): out_file.write(u"{0}\n".format(src)) continue print(src) (network_address, mask) = src.split("/") whois = IPWhois(network_address) whois_data = whois.lookup_rdap(depth=1) network_name = whois_data["network"]["name"] asn = whois_data["asn"] asn_description = whois_data["asn_description"] hosts = ipaddr.IPv4Network(src).numhosts total_hosts += hosts out_file.write( u"# {0}\n# AS{1} {2}\n# {3} host(s)\n{4}\n\n".format( network_name, asn, asn_description, hosts, src)) out_file.write(u"# {0} host(s)\n".format(total_hosts))
def get_whois_info(ip_str: str, show_progress=False) -> Tuple[str, dict]: """ Retrieve whois ASN information for given IP address using IPWhois python package. Parameters ---------- ip_str : str [description] show_progress : bool, optional [description], by default False Returns ------- IP Details of the IP data collected """ ip_type = get_ip_type(ip_str) if ip_type == "Public": whois = IPWhois(ip_str) whois_result = whois.lookup_whois() if show_progress: print(".", end="") return whois_result["asn_description"], whois_result else: return f"N ASN Information since IP address is of type: {ip_type}", {}
def _val_ip(self, ip: str, sevice: str): if sevice == 'reverse_dns': try: if ipaddress.ip_address(ip).is_global: return gethostbyaddr(ip)[0] if not None else 'NO_RECORD' else: raise Exception except: return 'UNRESOLVABLE' elif sevice == 'whois': try: if ipaddress.ip_address(ip).is_global: return IPWhois(ip).lookup_whois().get('asn_description') else: return None except: return None elif sevice == 'version4': try: ipaddress.IPv4Network(ip) return True except: return False elif sevice == 'version6': try: ipaddress.IPv6Network(ip) return True except: return False
def get_ip_info(ip): """ Returns some basic information about specified IP address. :param ip: IP address :type ip: str :return: basic information :rtype: dict """ try: reader = GeoIP2() location = reader.city(ip) whois = IPWhois(ip).lookup() data = { 'country': location['country_name'], # Country 'city': location['city'], # City 'region': location['region'], # Region 'lat': location['latitude'], # Latitude 'long': location['longitude'], # Longitude # 'provider': whois['nets'][0]['name'], # Provider 'provider_info': whois['nets'][0]['address'] # Provider Info } except Exception: return None else: return data
def get_whois_info(ip_str: str, show_progress: bool = False) -> Tuple[str, dict]: """ Retrieve whois ASN information for given IP address using IPWhois python package. Parameters ---------- ip_str : str IP Address to look up. show_progress : bool, optional Show progress for each query, by default False Returns ------- IP Details of the IP data collected Notes ----- This function uses the Python functools lru_cache and will return answers from the cache for previously queried IP addresses. """ ip_type = get_ip_type(ip_str) if ip_type == "Public": whois = IPWhois(ip_str) whois_result = whois.lookup_whois() if show_progress: print(".", end="") return whois_result["asn_description"], whois_result return f"No ASN Information for IP type: {ip_type}", {}
def main(): with open('results.csv') as csvfile: readCSV = csv.reader(csvfile, delimiter=',') ip_cidr = {} for row in readCSV: ip = row[0] print(ip) obj = IPWhois(row[0]) try: resp = obj.lookup_whois() cidr = resp["nets"][0]['cidr'] print("CIDR: ", cidr) #print("IP Range: ", [str(ip) for ip in ipaddress.IPv4Network(cidr)]) ip_cidr[ip] = cidr # group ip with the same cidr except Exception: print("skipped ", ip) ip_cidr_grouped = defaultdict(list) for key, value in ip_cidr.items(): ip_cidr_grouped[value].append(key) for key, value in ip_cidr_grouped.items(): print(key, "=>", value)
def asn(ip): try: results = {} target = IPWhois(ip) lookup = target.lookup_rdap(depth=1) if lookup: results["asn"] = { "asn": lookup["asn"], "asn_cidr": lookup["asn_cidr"], "asn_country_code": lookup["asn_country_code"], "asn_date": lookup["asn_date"], "asn_description": lookup["asn_description"], "asn_registry": lookup["asn_registry"], } results["network"] = { "cidr": lookup["network"]["cidr"], "country": lookup["network"]["country"], "handle": lookup["network"]["handle"], "name": lookup["network"]["name"], } return results except Exception as e: tb1 = traceback.TracebackException.from_exception(e) print("".join(tb1.format()))
def scanner(self): self.ips_got = 0 while True: self.ip = (ipPick()) self.ips_got += 1 self.scanned = nm.scan(self.ip, self.r_port, '-T4 -sV --version-all') x = 1 self.ssh_result = open("cunny_scan_results.txt", "a+") self.whois = IPWhois(self.ip) self.ssh_result.write( '\n\n\n*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-\n\n\n') self.ssh_result.write('Results for ' + self.ip + '\n\n') self.whois_result = self.whois.lookup_rdap(depth=0) pprint(self.whois_result, self.ssh_result) self.ssh_result.write( '<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>\n\n') while (x == 1): for i in range(self.s_port, self.f_port): try: ssh_check = self.scanned['scan'][ self.ip]['tcp'][i]['name'] port_check = self.scanned['scan'][ self.ip]['tcp'][i]['state'] self.ssh_result.write(self.ip + ': Port ' + str(i) + ' is ' + ssh_check) if port_check == str('open') or str('filtered'): self.ssh_result.write(str(i) + ' is ' + port_check) else: pass except KeyError: pass if i == self.f_port - 1: x = 0 self.ssh_result.close()
def __init__(self): print('Welcome to IP Scanner: ') target = input('Enter the IP which you want to scan: ') ip = IPWhois(target) resolve = IPWhois.lookup_whois(ip) pprint(resolve)
def _whois(ip_pk): ip = IPv4Whois.objects.get(pk=ip_pk) ip.status = IPv4Whois.STATUS_LOOKING_UP_WHOIS ip.save() obj = IPWhois(ip.address, timeout=9) try: results = obj.lookup_rdap() except Exception as exc: ip.status = IPv4Whois.STATUS_LOOKUP_WHOIS_FAILED ip.save() raise exc ip.whois = json.dumps(results) ip.status = IPv4Whois.STATUS_LOOKUP_WHOIS_SUCCESS ip.save() kafka_msg = { 'IP': ip.address, 'Whois': results, 'Host': settings.EXTERNAL_IP, 'Timestamp': datetime.utcnow().isoformat(), } send_to_kafka('results', kafka_msg)
def whois(ip): obj = IPWhois(ip) results = obj.lookup_rdap(depth=1, retry_count=5, rate_limit_timeout=5) results_stripped = { "asn": results.get("asn"), "asn_cidr": results.get("asn_cidr"), "asn_country_code": results.get("asn_country_code"), "asn_date": results.get("asn_date"), "asn_description": results.get("asn_description"), "asn_registry": results.get("asn_registry"), "entities": results.get("entities"), "net_start_address": results.get("network").get("cidr"), "net_end_address": results.get("network").get("end_address"), "net_cidr": results.get("network").get("cidr"), "net_type": results.get("network").get("type"), "net_organization": results.get("network").get("name"), "net_ref": results.get("network").get("links"), "raw_command": f"whois -h whois.radb.net {ip}" } if results.get("network") != None: if results.get("network").get("events") != None: for event in results.get("network").get("events"): if event.get("action") == "last changed": results_stripped["net_updated"] = event["timestamp"] elif event.get("action") == "registration": results_stripped["registration"] = event["timestamp"] return results_stripped
def get_asn_description(ip): try: asn = IPWhois(ip) asn_owner = asn.lookup_rdap(depth=1) return asn_owner['asn_description'] except exceptions.ASNRegistryError: return "Unknown ASN"
def get_rdap_registry_info(ip_input, rdap_depth, proxies=None): """Gathers registry info in RDAP protocol Arguments: ip_input {string} -- Artifact.value rdap_depth {int} -- 0,1 or 2 Returns: {object} -- Registry info, RDAP Protocol """ try: proxy_opener = make_proxy_opener(proxies) if proxies else None internet_protocol_address_object = IPWhois(ip_input, allow_permutations=True, proxy_opener=proxy_opener) try: rdap_response = internet_protocol_address_object.lookup_rdap( rdap_depth) if internet_protocol_address_object.dns_zone: rdap_response[ "dns_zone"] = internet_protocol_address_object.dns_zone return rdap_response except exceptions.ASNRegistryError as e: logging.error(traceback.format_exc()) except: logging.error(traceback.format_exc())
def whois(): print "[" + t.green("+") + "]Please provide an IP for WHOIS lookup." TARGET = raw_input("\n<" + t.cyan("WHOIS") + ">$ ") obj = IPWhois(TARGET) results = obj.lookup_rdap(depth=1) pprint(results) print "\n[" + t.magenta( "?") + "]Would you like to append the WHOIS record to a text file?\n" logs = raw_input("[Y]es/[N]o: ") format = json.dumps(results, indent=2) if logs == "y": with open("whois.log", "ab") as outfile: outfile.write("Host: " + TARGET + "\n") outfile.write(format) outfile.close() print "[" + t.green( "+") + "]Results saved to whois.log in the current directory.\n" elif logs == "n": print "[" + t.green("+") + "]Returning to main menu.\n" else: print "[" + t.red("!") + "]Unhandled Option.\n"
def ip_lookup(self, ip): # given ip, look up org, isp, lat and lon # first, check if we have seen this ip before if ip in self.iptable: return self.iptable[ip] try: obj = IPWhois(ip, timeout=10) # times out after 10 seconds results = obj.lookup(get_referral=True) org = results['nets'][-1]['description'] isp = results['nets'][0]['description'] except (IPDefinedError, ASNLookupError, ASNRegistryError, WhoisLookupError, HostLookupError, BlacklistError, AttributeError) as e: # log bad ip and error logger.error('%s from IPWhois on IP %s, setting org & isp to None', e, ip) org = isp = None except ValueError: logger.error( 'Set org & isp to None, ValueError from IPWhois for IP %s', ip) org = isp = None # geolite2 returns NoneType if no match try: match = geolite2.lookup(ip) if match: if match.location: if match.location[0]: lat = match.location[0] else: lat = None logger.warn( 'Set lat = None, geolite2 unable to find lat for IP %s', ip) if match.location[1]: lon = match.location[1] else: lon = None logger.warn( 'Set lon = None, geolite2 unable to find lon for IP %s', ip) else: lat = lon = None logger.warn( 'Set lat & lon = None, geolite2 unable to find lat/lon for IP %s', ip) else: # log unable to find lat/lon for this ip logger.warn( 'Set lat & lon = None, geolite2 unable to find lat/lon for IP %s', ip) lat = lon = None except ValueError: # log bad ip and error logger.error( 'Set lat & lon = None, ValueError from geolite2 for IP %s', ip) lat = lon = None self.iptable[ip] = [org, lat, lon, isp] return self.iptable[ip]
def whoisProcessor(): print "GroupID: ", groupid consumer = KafkaConsumer(port_scan_source_topic, group_id=groupid, bootstrap_servers=props['kafka']['hosts'], enable_auto_commit=True, auto_offset_reset='smallest') for msg in consumer: node = json.loads(msg.value) ip = str(msg.key) if (len(node['ports']) > 0): print "Node: ", ip try: gir = gi.record_by_addr(ip) w = IPWhois(ip) out = {} out['whois'] = w.lookup_rdap() out['geoip'] = gir out['ports'] = node['ports'] message_out = json.dumps(out) kp.send(port_scan_enrich_topic, message_out, msg.key) except Exception as e: print "Error: %s " % e
def getlatlongIP(ip): result = IPWhois(ip) try: ret = result.lookup_rdap(depth=1) # print(ret) try: # Get the MaxMind geo data for the query. # I do not redistribute the GeoLite2 database, download # GeoLite2-City.mmdb from: # https://dev.maxmind.com/geoip/geoip2/geolite2/ mm_reader = geoip2.database.Reader('GeoLite2-City.mmdb') # Query the database. mm_response = mm_reader.city(ret['query']) lat = mm_response.location.latitude lng = mm_response.location.longitude return lat, lng # Generic exception. Need to determine all raised and update handling. # geoip2.errors.AddressNotFoundError, TypeError, etc. except Exception as e: print(e) pass except: pass
def obtain_more_data(self, host): print("\n[ ] Information about domain name") domain_name = getfqdn(host) print("[+] Domain name:{}".format(domain_name)) data_whois = IPWhois(host).lookup_whois() pprint.pprint(data_whois) aux = domain_name.split('.') dns_q = '{0}.{1}'.format(aux[-2], aux[-1]) addr = dns.reversename.from_address(host) rev_name = "\n[+] Reverser name\n" rev_name += str(addr) + "\n" try: ptr_text = "\n[+] PTR\n" for ptr in dns.resolver.query(addr, "PTR"): ptr_text += str(ptr) + "\n" rev_name += ptr_text except Exception: pass try: ns_text = "\n[+] Name servers\n" for server in dns.resolver.query(dns_q, 'NS'): ns_text += str(server).rstrip('.') + '\n' rev_name += ns_text print(rev_name) except Exception: pass
def __init__(self, addr, timeout, proxy_http, proxy_https, allow_permutations): self.addr = addr self.timeout = timeout handler_dict = None if proxy_http is not None: handler_dict = {'http': proxy_http} if proxy_https is not None: if handler_dict is None: handler_dict = {'https': proxy_https} else: handler_dict['https'] = proxy_https if handler_dict is None: self.opener = None else: handler = ProxyHandler(handler_dict) self.opener = build_opener(handler) self.allow_permutations = allow_permutations self.obj = IPWhois(address=self.addr, timeout=self.timeout, proxy_opener=self.opener, allow_permutations=self.allow_permutations)
def getWhois(ipaddress): try: whois = IPWhois(netaddr.IPNetwork(ipaddress)[0]).lookup() return (json.dumps(whois)) except Exception as e: sys.stderr.write('Error looking up whois for {0}: {1}\n'.format( ipaddress, e))
def get_ASN_Infos(ipaddr): """ Get Autonomous System Number informations linked to an ip address :param ipaddr: ip address of the website linked to the certificate common name :return: list of ASN infos: asn, asn_cidr, asn_country_code, asn_description, asn_abuse_email or the same with empty values """ try: warnings.filterwarnings("ignore") obj = IPWhois(ipaddr) results = obj.lookup_rdap(depth=1) asn = results['asn'] asn_cidr = results['asn_cidr'] asn_country_code = results['asn_country_code'] asn_description = results['asn_description'] # parsing of all the entities members of the ASN record. # -> when finding an entity with 'abuse' role, print the email present # in the contact object. try: for entity in results['objects'].values(): if 'abuse' in entity['roles']: asn_abuse_email = entity['contact']['email'][0]['value'] break except Exception as e: asn_abuse_email = "" return asn, asn_cidr, asn_country_code, asn_description, asn_abuse_email except Exception as e: asn, asn_cidr, asn_country_code, asn_description, asn_abuse_email = "", "", "", "", "" return asn, asn_cidr, asn_country_code, asn_description, asn_abuse_email
def main(ip): obj = IPWhois(ip) try: results = obj.lookup_rdap(depth=1) except: results = None return results
def whois(input_ip, depth=1): try: result = IPWhois(input_ip) ret = result.lookup_rdap(depth=depth) return ret except: return False
def _handle_test_connectivity(self, param): ip = '1.1.1.1' action_result = self.add_action_result(ActionResult(dict(param))) action_result.set_param({phantom.APP_JSON_IP: ip}) self.debug_print("Validating/Querying IP '{0}'".format(ip)) self.save_progress("Querying...") try: obj_whois = IPWhois(ip) whois_response = obj_whois.lookup_whois(asn_methods=['whois', 'dns', 'http']) except IPDefinedError as e_defined: self.debug_print("Got IPDefinedError exception str: {0}".format(str(e_defined))) self.save_progress("Test Connectivity Failed") return action_result.set_status(phantom.APP_SUCCESS, str(e_defined)) except Exception as e: error_message = self._get_error_message_from_exception(e) self.debug_print("Got exception: type: {0}, str: {1}".format(type(e).__name__, str(error_message))) self.save_progress("Test Connectivity Failed") return action_result.set_status(phantom.APP_ERROR, WHOIS_ERR_QUERY, error_message) if not whois_response: self.save_progress("Test Connectivity Failed") return action_result.set_status(phantom.APP_ERROR, WHOIS_ERR_QUERY_RETURNED_NO_DATA) self.save_progress("Test Connectivity Passed") return action_result.set_status(phantom.APP_SUCCESS)
def get_whois(host): try: w =IPWhois(host).lookup_rws() if w: return w except: pass
def __get_query_info__(query_node, user, **kwargs): class ComplexEncoder(json.JSONEncoder): def default(self, obj): if hasattr(obj, 'reprJSON'): return obj.reprJSON() if hasattr(obj, 'isoformat'): return obj.isoformat() else: return json.JSONEncoder.default(self, obj) whois_consult = WhoisConsult.objects.filter(query_node=query_node, created_at__gt=timezone.now() - timezone.timedelta( days=365)).first() if whois_consult is None: if 'ip' in kwargs: obj = IPWhois(query_node) results = obj.lookup() whois_consult = WhoisConsult.objects.create(query_node=query_node, info_report=results, content_object=user) elif 'domain' in kwargs: w = pythonwhois.get_whois(query_node) whois_consult = WhoisConsult.objects.create(query_node=query_node, info_report=w, content_object=user) else: raise ValueError( "you must determine is you want to do a domain or ip consultation by __get_query_info" + "__('query', SomeUser, domain=True or ip=True") whois_consult.check_info_report(query_node, save=True) return whois_consult
def do_isp_routine(rows, isp, total, tid): global to_remove, do_isp_lock, count local_to_remove = [] for row in rows: ip = str(row[0]) obj = IPWhois(ip) try: res = obj.lookup_whois(False) for net in res['nets']: if not net['name'] is None and net['name'].lower().find( isp) != -1: local_to_remove.append(ip) except: pass do_isp_lock.acquire() count += 1 print "%d: %d out of %d (%d%%)" % (tid, count, total, count * 100 / total) do_isp_lock.release() if len(local_to_remove) > 0: do_isp_lock.acquire() to_remove.extend(local_to_remove) do_isp_lock.release()