def whois(ip):
data = IPWhois(ip, timeout=15)
data = data.lookup_whois()
country = data['nets'][0]['country']
city = data['nets'][0]['city']
address = data['nets'][0]['address']
return {'city': city, 'country': country, 'address': address}
def whoIsPrint(ip):
try:
w = IPWhois(ip)
w = w.lookup_whois()
addr = str(w['nets'][0]['address'])
addr = addr.replace('\n', ', ')
print("\n WHO IS REPORT:")
print(" CIDR: " + str(w['nets'][0]['cidr']))
print(" Name: " + str(w['nets'][0]['name']))
# print(" Handle: " + str(w['nets'][0]['handle']))
print(" Range: " + str(w['nets'][0]['range']))
print(" Descr: " + str(w['nets'][0]['description']))
print(" Country: " + str(w['nets'][0]['country']))
print(" State: " + str(w['nets'][0]['state']))
print(" City: " + str(w['nets'][0]['city']))
print(" Address: " + addr)
print(" Post Code: " + str(w['nets'][0]['postal_code']))
# print(" Emails: " + str(w['nets'][0]['emails']))
print(" Created: " + str(w['nets'][0]['created']))
print(" Updated: " + str(w['nets'][0]['updated']))
except:
print("\n IP Not Found - Checking Domains")
ip = re.sub('https://', '', ip)
ip = re.sub('http://', '', ip)
try:
s = socket.gethostbyname(ip)
print(' Resolved Address: %s' % s)
whoIsPrint(s)
except:
print(' IP or Domain not Found')
return
def who_is(addr):
ip = IPWhois(addr)
results = ip.lookup_rdap()
print('ASN Information: \n')
for k,v in results.items():
if k.startswith('asn'):
print(f'{k}: {v}')
def main():
home = os.path.dirname(os.path.abspath(__file__))
os.chdir(home)
with io.open("ip-subnets-unique.txt") as in_file:
lines = in_file.readlines()
with io.open("ip-subnets-unique-whois.txt", "w") as out_file:
out_file.write(
u"# Attention! All host counters include broadcast and network addresses.\n\n"
)
total_hosts = 0
for line in lines:
src = line.strip()
if not src:
out_file.write(u"\n")
continue
if src.startswith("#"):
out_file.write(u"{0}\n".format(src))
continue
print(src)
(network_address, mask) = src.split("/")
whois = IPWhois(network_address)
whois_data = whois.lookup_rdap(depth=1)
network_name = whois_data["network"]["name"]
asn = whois_data["asn"]
asn_description = whois_data["asn_description"]
hosts = ipaddr.IPv4Network(src).numhosts
total_hosts += hosts
out_file.write(
u"# {0}\n# AS{1} {2}\n# {3} host(s)\n{4}\n\n".format(
network_name, asn, asn_description, hosts, src))
out_file.write(u"# {0} host(s)\n".format(total_hosts))
def get_whois_info(ip_str: str, show_progress=False) -> Tuple[str, dict]:
"""
Retrieve whois ASN information for given IP address using IPWhois python package.
Parameters
----------
ip_str : str
[description]
show_progress : bool, optional
[description], by default False
Returns
-------
IP
Details of the IP data collected
"""
ip_type = get_ip_type(ip_str)
if ip_type == "Public":
whois = IPWhois(ip_str)
whois_result = whois.lookup_whois()
if show_progress:
print(".", end="")
return whois_result["asn_description"], whois_result
else:
return f"N ASN Information since IP address is of type: {ip_type}", {}
def _val_ip(self, ip: str, sevice: str):
if sevice == 'reverse_dns':
try:
if ipaddress.ip_address(ip).is_global:
return gethostbyaddr(ip)[0] if not None else 'NO_RECORD'
else:
raise Exception
except:
return 'UNRESOLVABLE'
elif sevice == 'whois':
try:
if ipaddress.ip_address(ip).is_global:
return IPWhois(ip).lookup_whois().get('asn_description')
else:
return None
except:
return None
elif sevice == 'version4':
try:
ipaddress.IPv4Network(ip)
return True
except:
return False
elif sevice == 'version6':
try:
ipaddress.IPv6Network(ip)
return True
except:
return False
def get_ip_info(ip):
"""
Returns some basic information about specified IP address.
:param ip: IP address
:type ip: str
:return: basic information
:rtype: dict
"""
try:
reader = GeoIP2()
location = reader.city(ip)
whois = IPWhois(ip).lookup()
data = {
'country': location['country_name'], # Country
'city': location['city'], # City
'region': location['region'], # Region
'lat': location['latitude'], # Latitude
'long': location['longitude'], # Longitude #
'provider': whois['nets'][0]['name'], # Provider
'provider_info': whois['nets'][0]['address'] # Provider Info
}
except Exception:
return None
else:
return data
def get_whois_info(ip_str: str,
show_progress: bool = False) -> Tuple[str, dict]:
"""
Retrieve whois ASN information for given IP address using IPWhois python package.
Parameters
----------
ip_str : str
IP Address to look up.
show_progress : bool, optional
Show progress for each query, by default False
Returns
-------
IP
Details of the IP data collected
Notes
-----
This function uses the Python functools lru_cache and
will return answers from the cache for previously queried
IP addresses.
"""
ip_type = get_ip_type(ip_str)
if ip_type == "Public":
whois = IPWhois(ip_str)
whois_result = whois.lookup_whois()
if show_progress:
print(".", end="")
return whois_result["asn_description"], whois_result
return f"No ASN Information for IP type: {ip_type}", {}
def main():
with open('results.csv') as csvfile:
readCSV = csv.reader(csvfile, delimiter=',')
ip_cidr = {}
for row in readCSV:
ip = row[0]
print(ip)
obj = IPWhois(row[0])
try:
resp = obj.lookup_whois()
cidr = resp["nets"][0]['cidr']
print("CIDR: ", cidr)
#print("IP Range: ", [str(ip) for ip in ipaddress.IPv4Network(cidr)])
ip_cidr[ip] = cidr
# group ip with the same cidr
except Exception:
print("skipped ", ip)
ip_cidr_grouped = defaultdict(list)
for key, value in ip_cidr.items():
ip_cidr_grouped[value].append(key)
for key, value in ip_cidr_grouped.items():
print(key, "=>", value)
def asn(ip):
try:
results = {}
target = IPWhois(ip)
lookup = target.lookup_rdap(depth=1)
if lookup:
results["asn"] = {
"asn": lookup["asn"],
"asn_cidr": lookup["asn_cidr"],
"asn_country_code": lookup["asn_country_code"],
"asn_date": lookup["asn_date"],
"asn_description": lookup["asn_description"],
"asn_registry": lookup["asn_registry"],
}
results["network"] = {
"cidr": lookup["network"]["cidr"],
"country": lookup["network"]["country"],
"handle": lookup["network"]["handle"],
"name": lookup["network"]["name"],
}
return results
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
def scanner(self):
self.ips_got = 0
while True:
self.ip = (ipPick())
self.ips_got += 1
self.scanned = nm.scan(self.ip, self.r_port,
'-T4 -sV --version-all')
x = 1
self.ssh_result = open("cunny_scan_results.txt", "a+")
self.whois = IPWhois(self.ip)
self.ssh_result.write(
'\n\n\n*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-\n\n\n')
self.ssh_result.write('Results for ' + self.ip + '\n\n')
self.whois_result = self.whois.lookup_rdap(depth=0)
pprint(self.whois_result, self.ssh_result)
self.ssh_result.write(
'<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>\n\n')
while (x == 1):
for i in range(self.s_port, self.f_port):
try:
ssh_check = self.scanned['scan'][
self.ip]['tcp'][i]['name']
port_check = self.scanned['scan'][
self.ip]['tcp'][i]['state']
self.ssh_result.write(self.ip + ': Port ' + str(i) +
' is ' + ssh_check)
if port_check == str('open') or str('filtered'):
self.ssh_result.write(str(i) + ' is ' + port_check)
else:
pass
except KeyError:
pass
if i == self.f_port - 1:
x = 0
self.ssh_result.close()
def __init__(self):
print('Welcome to IP Scanner: ')
target = input('Enter the IP which you want to scan: ')
ip = IPWhois(target)
resolve = IPWhois.lookup_whois(ip)
pprint(resolve)
def _whois(ip_pk):
ip = IPv4Whois.objects.get(pk=ip_pk)
ip.status = IPv4Whois.STATUS_LOOKING_UP_WHOIS
ip.save()
obj = IPWhois(ip.address, timeout=9)
try:
results = obj.lookup_rdap()
except Exception as exc:
ip.status = IPv4Whois.STATUS_LOOKUP_WHOIS_FAILED
ip.save()
raise exc
ip.whois = json.dumps(results)
ip.status = IPv4Whois.STATUS_LOOKUP_WHOIS_SUCCESS
ip.save()
kafka_msg = {
'IP': ip.address,
'Whois': results,
'Host': settings.EXTERNAL_IP,
'Timestamp': datetime.utcnow().isoformat(),
}
send_to_kafka('results', kafka_msg)
def whois(ip):
obj = IPWhois(ip)
results = obj.lookup_rdap(depth=1, retry_count=5, rate_limit_timeout=5)
results_stripped = {
"asn": results.get("asn"),
"asn_cidr": results.get("asn_cidr"),
"asn_country_code": results.get("asn_country_code"),
"asn_date": results.get("asn_date"),
"asn_description": results.get("asn_description"),
"asn_registry": results.get("asn_registry"),
"entities": results.get("entities"),
"net_start_address": results.get("network").get("cidr"),
"net_end_address": results.get("network").get("end_address"),
"net_cidr": results.get("network").get("cidr"),
"net_type": results.get("network").get("type"),
"net_organization": results.get("network").get("name"),
"net_ref": results.get("network").get("links"),
"raw_command": f"whois -h whois.radb.net {ip}"
}
if results.get("network") != None:
if results.get("network").get("events") != None:
for event in results.get("network").get("events"):
if event.get("action") == "last changed":
results_stripped["net_updated"] = event["timestamp"]
elif event.get("action") == "registration":
results_stripped["registration"] = event["timestamp"]
return results_stripped
def get_asn_description(ip):
try:
asn = IPWhois(ip)
asn_owner = asn.lookup_rdap(depth=1)
return asn_owner['asn_description']
except exceptions.ASNRegistryError:
return "Unknown ASN"
def get_rdap_registry_info(ip_input, rdap_depth, proxies=None):
"""Gathers registry info in RDAP protocol
Arguments:
ip_input {string} -- Artifact.value
rdap_depth {int} -- 0,1 or 2
Returns:
{object} -- Registry info, RDAP Protocol
"""
try:
proxy_opener = make_proxy_opener(proxies) if proxies else None
internet_protocol_address_object = IPWhois(ip_input,
allow_permutations=True,
proxy_opener=proxy_opener)
try:
rdap_response = internet_protocol_address_object.lookup_rdap(
rdap_depth)
if internet_protocol_address_object.dns_zone:
rdap_response[
"dns_zone"] = internet_protocol_address_object.dns_zone
return rdap_response
except exceptions.ASNRegistryError as e:
logging.error(traceback.format_exc())
except:
logging.error(traceback.format_exc())
def whois():
print "[" + t.green("+") + "]Please provide an IP for WHOIS lookup."
TARGET = raw_input("\n<" + t.cyan("WHOIS") + ">$ ")
obj = IPWhois(TARGET)
results = obj.lookup_rdap(depth=1)
pprint(results)
print "\n[" + t.magenta(
"?") + "]Would you like to append the WHOIS record to a text file?\n"
logs = raw_input("[Y]es/[N]o: ")
format = json.dumps(results, indent=2)
if logs == "y":
with open("whois.log", "ab") as outfile:
outfile.write("Host: " + TARGET + "\n")
outfile.write(format)
outfile.close()
print "[" + t.green(
"+") + "]Results saved to whois.log in the current directory.\n"
elif logs == "n":
print "[" + t.green("+") + "]Returning to main menu.\n"
else:
print "[" + t.red("!") + "]Unhandled Option.\n"
def ip_lookup(self, ip):
# given ip, look up org, isp, lat and lon
# first, check if we have seen this ip before
if ip in self.iptable:
return self.iptable[ip]
try:
obj = IPWhois(ip, timeout=10) # times out after 10 seconds
results = obj.lookup(get_referral=True)
org = results['nets'][-1]['description']
isp = results['nets'][0]['description']
except (IPDefinedError, ASNLookupError, ASNRegistryError,
WhoisLookupError, HostLookupError, BlacklistError,
AttributeError) as e:
# log bad ip and error
logger.error('%s from IPWhois on IP %s, setting org & isp to None',
e, ip)
org = isp = None
except ValueError:
logger.error(
'Set org & isp to None, ValueError from IPWhois for IP %s', ip)
org = isp = None
# geolite2 returns NoneType if no match
try:
match = geolite2.lookup(ip)
if match:
if match.location:
if match.location[0]:
lat = match.location[0]
else:
lat = None
logger.warn(
'Set lat = None, geolite2 unable to find lat for IP %s',
ip)
if match.location[1]:
lon = match.location[1]
else:
lon = None
logger.warn(
'Set lon = None, geolite2 unable to find lon for IP %s',
ip)
else:
lat = lon = None
logger.warn(
'Set lat & lon = None, geolite2 unable to find lat/lon for IP %s',
ip)
else:
# log unable to find lat/lon for this ip
logger.warn(
'Set lat & lon = None, geolite2 unable to find lat/lon for IP %s',
ip)
lat = lon = None
except ValueError:
# log bad ip and error
logger.error(
'Set lat & lon = None, ValueError from geolite2 for IP %s', ip)
lat = lon = None
self.iptable[ip] = [org, lat, lon, isp]
return self.iptable[ip]
def whoisProcessor():
print "GroupID: ", groupid
consumer = KafkaConsumer(port_scan_source_topic,
group_id=groupid,
bootstrap_servers=props['kafka']['hosts'],
enable_auto_commit=True,
auto_offset_reset='smallest')
for msg in consumer:
node = json.loads(msg.value)
ip = str(msg.key)
if (len(node['ports']) > 0):
print "Node: ", ip
try:
gir = gi.record_by_addr(ip)
w = IPWhois(ip)
out = {}
out['whois'] = w.lookup_rdap()
out['geoip'] = gir
out['ports'] = node['ports']
message_out = json.dumps(out)
kp.send(port_scan_enrich_topic, message_out, msg.key)
except Exception as e:
print "Error: %s " % e
def getlatlongIP(ip):
result = IPWhois(ip)
try:
ret = result.lookup_rdap(depth=1)
# print(ret)
try:
# Get the MaxMind geo data for the query.
# I do not redistribute the GeoLite2 database, download
# GeoLite2-City.mmdb from:
# https://dev.maxmind.com/geoip/geoip2/geolite2/
mm_reader = geoip2.database.Reader('GeoLite2-City.mmdb')
# Query the database.
mm_response = mm_reader.city(ret['query'])
lat = mm_response.location.latitude
lng = mm_response.location.longitude
return lat, lng
# Generic exception. Need to determine all raised and update handling.
# geoip2.errors.AddressNotFoundError, TypeError, etc.
except Exception as e:
print(e)
pass
except:
pass
def obtain_more_data(self, host):
print("\n[ ] Information about domain name")
domain_name = getfqdn(host)
print("[+] Domain name:{}".format(domain_name))
data_whois = IPWhois(host).lookup_whois()
pprint.pprint(data_whois)
aux = domain_name.split('.')
dns_q = '{0}.{1}'.format(aux[-2], aux[-1])
addr = dns.reversename.from_address(host)
rev_name = "\n[+] Reverser name\n"
rev_name += str(addr) + "\n"
try:
ptr_text = "\n[+] PTR\n"
for ptr in dns.resolver.query(addr, "PTR"):
ptr_text += str(ptr) + "\n"
rev_name += ptr_text
except Exception:
pass
try:
ns_text = "\n[+] Name servers\n"
for server in dns.resolver.query(dns_q, 'NS'):
ns_text += str(server).rstrip('.') + '\n'
rev_name += ns_text
print(rev_name)
except Exception:
pass
def __init__(self, addr, timeout, proxy_http, proxy_https,
allow_permutations):
self.addr = addr
self.timeout = timeout
handler_dict = None
if proxy_http is not None:
handler_dict = {'http': proxy_http}
if proxy_https is not None:
if handler_dict is None:
handler_dict = {'https': proxy_https}
else:
handler_dict['https'] = proxy_https
if handler_dict is None:
self.opener = None
else:
handler = ProxyHandler(handler_dict)
self.opener = build_opener(handler)
self.allow_permutations = allow_permutations
self.obj = IPWhois(address=self.addr,
timeout=self.timeout,
proxy_opener=self.opener,
allow_permutations=self.allow_permutations)
def getWhois(ipaddress):
try:
whois = IPWhois(netaddr.IPNetwork(ipaddress)[0]).lookup()
return (json.dumps(whois))
except Exception as e:
sys.stderr.write('Error looking up whois for {0}: {1}\n'.format(
ipaddress, e))
def get_ASN_Infos(ipaddr):
"""
Get Autonomous System Number informations linked to an ip address
:param ipaddr: ip address of the website linked to the certificate common name
:return: list of ASN infos: asn, asn_cidr, asn_country_code, asn_description, asn_abuse_email or the same with empty values
"""
try:
warnings.filterwarnings("ignore")
obj = IPWhois(ipaddr)
results = obj.lookup_rdap(depth=1)
asn = results['asn']
asn_cidr = results['asn_cidr']
asn_country_code = results['asn_country_code']
asn_description = results['asn_description']
# parsing of all the entities members of the ASN record.
# -> when finding an entity with 'abuse' role, print the email present
# in the contact object.
try:
for entity in results['objects'].values():
if 'abuse' in entity['roles']:
asn_abuse_email = entity['contact']['email'][0]['value']
break
except Exception as e:
asn_abuse_email = ""
return asn, asn_cidr, asn_country_code, asn_description, asn_abuse_email
except Exception as e:
asn, asn_cidr, asn_country_code, asn_description, asn_abuse_email = "", "", "", "", ""
return asn, asn_cidr, asn_country_code, asn_description, asn_abuse_email
def main(ip):
obj = IPWhois(ip)
try:
results = obj.lookup_rdap(depth=1)
except:
results = None
return results
def whois(input_ip, depth=1):
try:
result = IPWhois(input_ip)
ret = result.lookup_rdap(depth=depth)
return ret
except:
return False
def _handle_test_connectivity(self, param):
ip = '1.1.1.1'
action_result = self.add_action_result(ActionResult(dict(param)))
action_result.set_param({phantom.APP_JSON_IP: ip})
self.debug_print("Validating/Querying IP '{0}'".format(ip))
self.save_progress("Querying...")
try:
obj_whois = IPWhois(ip)
whois_response = obj_whois.lookup_whois(asn_methods=['whois', 'dns', 'http'])
except IPDefinedError as e_defined:
self.debug_print("Got IPDefinedError exception str: {0}".format(str(e_defined)))
self.save_progress("Test Connectivity Failed")
return action_result.set_status(phantom.APP_SUCCESS, str(e_defined))
except Exception as e:
error_message = self._get_error_message_from_exception(e)
self.debug_print("Got exception: type: {0}, str: {1}".format(type(e).__name__, str(error_message)))
self.save_progress("Test Connectivity Failed")
return action_result.set_status(phantom.APP_ERROR, WHOIS_ERR_QUERY, error_message)
if not whois_response:
self.save_progress("Test Connectivity Failed")
return action_result.set_status(phantom.APP_ERROR, WHOIS_ERR_QUERY_RETURNED_NO_DATA)
self.save_progress("Test Connectivity Passed")
return action_result.set_status(phantom.APP_SUCCESS)
def get_whois(host):
try:
w =IPWhois(host).lookup_rws()
if w:
return w
except:
pass
def __get_query_info__(query_node, user, **kwargs):
class ComplexEncoder(json.JSONEncoder):
def default(self, obj):
if hasattr(obj, 'reprJSON'):
return obj.reprJSON()
if hasattr(obj, 'isoformat'):
return obj.isoformat()
else:
return json.JSONEncoder.default(self, obj)
whois_consult = WhoisConsult.objects.filter(query_node=query_node,
created_at__gt=timezone.now() - timezone.timedelta(
days=365)).first()
if whois_consult is None:
if 'ip' in kwargs:
obj = IPWhois(query_node)
results = obj.lookup()
whois_consult = WhoisConsult.objects.create(query_node=query_node,
info_report=results,
content_object=user)
elif 'domain' in kwargs:
w = pythonwhois.get_whois(query_node)
whois_consult = WhoisConsult.objects.create(query_node=query_node,
info_report=w,
content_object=user)
else:
raise ValueError(
"you must determine is you want to do a domain or ip consultation by __get_query_info" +
"__('query', SomeUser, domain=True or ip=True")
whois_consult.check_info_report(query_node, save=True)
return whois_consult
def do_isp_routine(rows, isp, total, tid):
global to_remove, do_isp_lock, count
local_to_remove = []
for row in rows:
ip = str(row[0])
obj = IPWhois(ip)
try:
res = obj.lookup_whois(False)
for net in res['nets']:
if not net['name'] is None and net['name'].lower().find(
isp) != -1:
local_to_remove.append(ip)
except:
pass
do_isp_lock.acquire()
count += 1
print "%d: %d out of %d (%d%%)" % (tid, count, total,
count * 100 / total)
do_isp_lock.release()
if len(local_to_remove) > 0:
do_isp_lock.acquire()
to_remove.extend(local_to_remove)
do_isp_lock.release()
