def get_asn_mapping(ip_list):
    '''
    Calls the cymru api service to get ASN from a given IP and checks if its from Bell
    :param ip_list: A list of ips to get asn information from
    :type ip_list: list of str
    :return mapping: Returns a dictionary with key value pairs of (ip:asn_info)
    :rtype mapping: dict
    '''
    mapping = {}
    client = Client()
    try:
        # If the length of the list is 1, do a solo api call
        if len(ip_list) == 1:
            # Incase the api call returns special characters, catch error and set none
            try:
                result = client.lookup(ip_list[0])
                is_bell = result.asn in CONFIG['bell_asn'].keys()
                mapping.update(
                    {ip_list[0]: {
                         'asn': result.asn,
                         'is_bell': is_bell
                     }})
                return mapping
            except UnicodeDecodeError:
                mapping.update({ip_list[0]: {'asn': None, 'is_bell': None}})
                return mapping
        for idx, result in enumerate(client.lookupmany(ip_list)):
            is_bell = result.asn in CONFIG['bell_asn'].keys()
            mapping.update(
                {ip_list[idx]: {
                     'asn': result.asn,
                     'is_bell': is_bell
                 }})
        return mapping
    except UnicodeDecodeError:
        # Split list and recall function to find invalid api call and rejoin
        mapping_a = get_asn_mapping(ip_list[:len(ip_list) // 2])
        mapping_b = get_asn_mapping(ip_list[len(ip_list) // 2:])
        mapping_c = mapping_a.copy()
        mapping_c.update(mapping_b)
        return mapping_c
Esempio n. 2
0
def getAsForDomains(domain):
    ips = []

    # get all ips
    for ip in domain['ipaddr']:
        theip = ip['ipaddr']
        ips.append(theip)

    # lookup all ips
    c=Client()

    resp = c.lookupmany(ips)

    # find original ip again
    for r in resp:
        for ip in domain['ipaddr']:
            if ip['ipaddr'] == r.ip:
                ip['ipaddr'] = r.ip
                ip['cc'] = r.cc
                ip['asn'] = r.asn
                ip['asnowner'] = r.owner

                print "  AS: " + r.asn + " / " + r.owner
Esempio n. 3
0
import socket
from cymruwhois import Client

ip = '100.10.1.63'
ip_2 = '102.164.120.10'
ip_3 = '102.80.10.106'
ip_4 = '102.80.101.132'

c = Client()
#instead of puting lookup(ip) in the loop and get weird results, instead use lookupmany(ips) to return the results
for r in c.lookupmany([ip, ip_2, ip_3, ip_4]):
    print r.owner

#using cymruwhois to convert ips to asn and country code on the commandline
#cymruwhois /home/Marting/Videos/work/ips.txt -f asn,cc > /home/Marting/Videos/work/cyrmu_output.txt
Esempio n. 4
0
def get_asn(ips):
    debug("Requesting ASNs for %d IPs" % len(ips))
    c = Client()
    return [x for x in c.lookupmany(ips)]
Esempio n. 5
0
    iplistwithnullsremoved = [x for x in iplist if x]

    writekml(iplistwithnullsremoved)

    header = ["Ip Address", "Owner", "AS No", "NetPrefix", "Country", "Reverse DNS entries", "Found in Malware List"]
    workbook = xlwt.Workbook(encoding = 'ascii')
    worksheet = workbook.add_sheet('Ip Lookup results')
    row = 0
    column = 0
    for head in header:
        worksheet.write(row, column, head)
        column += 1
    row = 1
    column = 0
    for entry in c.lookupmany(iplistwithnullsremoved):
        iplookup = lookup(entry.ip, malwarelist)
        rowentry = [entry.ip, entry.owner, entry.asn, entry.prefix, entry.cc, iplookup[0],iplookup[1]]
        for item in rowentry:
            print row
            print column
            print item
            worksheet.write(row, column, item)
            column += 1
        column = 0
        row += 1

    workbook.save("Results.xls")