def get_asn_mapping(ip_list):
    '''
    Resolve each IP to its ASN through the cymru whois client and flag
    whether that ASN is one of the Bell ASNs listed in CONFIG['bell_asn'].

    :param ip_list: IPs to look up
    :type ip_list: list of str
    :return mapping: dictionary of ip -> {'asn': ..., 'is_bell': ...}
    :rtype mapping: dict
    '''
    def describe(asn):
        # An ASN counts as Bell when it is one of the keys of CONFIG['bell_asn'].
        return {'asn': asn, 'is_bell': asn in CONFIG['bell_asn'].keys()}

    client = Client()
    mapping = {}
    try:
        # A single address goes through the one-shot lookup call.
        if len(ip_list) == 1:
            only_ip = ip_list[0]
            try:
                mapping[only_ip] = describe(client.lookup(only_ip).asn)
            except UnicodeDecodeError:
                # The reply could not be decoded: record the IP with no verdict
                # instead of failing the whole run.
                mapping[only_ip] = {'asn': None, 'is_bell': None}
            return mapping

        # NOTE(review): results are paired with inputs purely by position.
        # This presumes lookupmany yields exactly one record per input, in
        # input order -- confirm against the client. If a record can be
        # skipped, every later ASN / is_bell verdict shifts to the wrong IP.
        for position, record in enumerate(client.lookupmany(ip_list)):
            mapping[ip_list[position]] = describe(record.asn)
        return mapping
    except UnicodeDecodeError:
        # One reply in the batch was undecodable. Halve the list and retry each
        # half, so the bad entry ends up alone in the single-address branch.
        middle = len(ip_list) // 2
        merged = get_asn_mapping(ip_list[:middle]).copy()
        merged.update(get_asn_mapping(ip_list[middle:]))
        return merged
def getAsForDomains(domain):
    """Annotate each entry of domain['ipaddr'] in place with whois data.

    Every entry is a dict with an 'ipaddr' key. After one bulk lookup, each
    entry whose address matches a returned record gains 'cc', 'asn' and
    'asnowner', and the ASN and owner are printed.
    """
    # NOTE(review): the listing lost its indentation; the print is placed
    # inside the match branch (one line per annotated entry) -- confirm.
    entries = domain['ipaddr']
    addresses = [entry['ipaddr'] for entry in entries]

    # One bulk query for all addresses of this domain.
    whois = Client()
    for record in whois.lookupmany(addresses):
        # Find the entry (or entries) this record belongs to.
        for entry in entries:
            if entry['ipaddr'] != record.ip:
                continue
            entry['ipaddr'] = record.ip
            entry['cc'] = record.cc
            entry['asn'] = record.asn
            entry['asnowner'] = record.owner
            print(" AS: " + record.asn + " / " + record.owner)
import socket
from cymruwhois import Client

ip = '100.10.1.63'
ip_2 = '102.164.120.10'
ip_3 = '102.80.10.106'
ip_4 = '102.80.101.132'
addresses = [ip, ip_2, ip_3, ip_4]

c = Client()

# Use one lookupmany(ips) call for the whole batch rather than calling
# lookup(ip) inside the loop, which gave weird results.
for record in c.lookupmany(addresses):
    print(record.owner)

# The cymruwhois command-line tool can also convert a file of IPs to ASN and
# country code:
# cymruwhois /home/Marting/Videos/work/ips.txt -f asn,cc > /home/Marting/Videos/work/cyrmu_output.txt
def get_asn(ips):
    """Look up every address in *ips* in one bulk query.

    Logs the batch size through debug() and returns the records produced by
    Client.lookupmany as a list.
    """
    debug("Requesting ASNs for %d IPs" % len(ips))
    # Materialise the results so the caller gets a list, not a lazy iterable.
    return list(Client().lookupmany(ips))
# Drop empty/falsy entries before plotting or looking anything up.
iplistwithnullsremoved = [addr for addr in iplist if addr]
writekml(iplistwithnullsremoved)

header = ["Ip Address", "Owner", "AS No", "NetPrefix", "Country",
          "Reverse DNS entries", "Found in Malware List"]

# NOTE(review): owner and DNS strings are external data and may not be pure
# ASCII -- confirm that encoding = 'ascii' cannot make write/save fail on them.
workbook = xlwt.Workbook(encoding = 'ascii')
worksheet = workbook.add_sheet('Ip Lookup results')

# Row 0 holds the column titles.
for column, head in enumerate(header):
    worksheet.write(0, column, head)

# One spreadsheet row per whois record, starting below the header.
row = 1
for entry in c.lookupmany(iplistwithnullsremoved):
    # Presumably lookup() returns (reverse DNS entries, malware-list hit),
    # matching the last two header columns -- verify against its definition.
    iplookup = lookup(entry.ip, malwarelist)
    rowentry = [entry.ip, entry.owner, entry.asn, entry.prefix, entry.cc,
                iplookup[0], iplookup[1]]
    for column, item in enumerate(rowentry):
        # Echo each cell position and value as it is written.
        print(row)
        print(column)
        print(item)
        worksheet.write(row, column, item)
    row += 1

workbook.save("Results.xls")