예제 #1
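def _rezo():
    """Build the HTML fragments that show the caller's IP and its RDAP data.

    The address comes from ``_get_ip()``. For anything other than the two
    hard-coded local addresses, and only when the address is not private,
    an RDAP lookup adds the network name, CIDR, handle, first link and the
    first contact address of the first entity.

    Every dynamic value is HTML-escaped before it is added to the output:
    RDAP fields are free text maintained by third parties, and the address
    itself may originate from request data.

    Returns:
        list: HTML fragments in output order.
    """
    # Local import: the file's import block is not part of this block.
    from html import escape

    def _safe(value):
        # None (a field the registry did not supply) becomes an empty
        # fragment instead of leaking a non-string into the output list.
        return "" if value is None else escape(str(value))

    _html = []
    _ip = _get_ip()
    # NOTE(review): if _get_ip() reads a client-supplied header, _ip is
    # attacker-controlled text; it must never reach the page unescaped.
    _html.extend(['<center><h1 name=ip>', _safe(_ip), '</h1><br>'])
    if _ip != '127.0.0.1' and _ip != '172.17.0.1':
        if not IPAddress(_ip).is_private():
            _ip_info = IPWhois(_ip).lookup_rdap(depth=1)
            _entity = _ip_info.get('entities')[0]
            _network = _ip_info.get('network')
            _html.extend([_safe(_network.get('name')), "<br>",
                          _safe(_network.get('cidr')), "<br>",
                          _safe(_network.get('handle')), "<br>",
                          _safe(_network.get('links')[0]), "<br>"])
            _contact = _ip_info.get('objects').get(_entity).get('contact')
            _html.append(_safe(_contact.get('address')[0].get('value')))
    _html.extend(['<p>SEDME<p>'])
    return _html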
예제 #2
파일: hex7.py 프로젝트: nand0p/hex7
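def _rezo():
    """Build the HTML fragments that show the client's IP and its RDAP data.

    The address is the first ``X-Forwarded-For`` value when that header is
    present, otherwise ``request.remote_addr``. For a non-loopback,
    non-private address an RDAP lookup adds the network name, CIDR, handle,
    first link and the first contact address of the first entity.

    Every dynamic value is HTML-escaped before it is added to the output.

    Returns:
        list: HTML fragments in output order.
    """
    # Local import: the file's import block is not part of this block.
    from html import escape

    def _safe(value):
        # None (a field the registry did not supply) becomes an empty
        # fragment instead of leaking a non-string into the output list.
        return "" if value is None else escape(str(value))

    _html = []
    # X-Forwarded-For is a request header: unless a trusted reverse proxy
    # overwrites it, the first value is whatever the client chose to send.
    # It is used here for display and lookup only, never as an identity.
    _forwarded = request.headers.getlist("X-Forwarded-For")
    if _forwarded:
        _ip = _forwarded[0]
    else:
        _ip = request.remote_addr
    # Escaping is what keeps a crafted header value from becoming markup.
    _html.extend(["<center><h1 name=ip>", _safe(_ip), "</h1><p><br>"])
    if _ip != "127.0.0.1":
        # NOTE(review): a header value that is not a single address (for
        # example a comma-separated proxy chain) is passed to IPAddress()
        # as-is; confirm how the caller handles the resulting error.
        if not IPAddress(_ip).is_private():
            _ip_info = IPWhois(_ip).lookup_rdap(depth=1)
            _entity = _ip_info.get('entities')[0]
            _network = _ip_info.get('network')
            # RDAP text is maintained by third parties, so it is escaped too.
            _html.extend([_safe(_network.get('name')), "<br>",
                          _safe(_network.get('cidr')), "<br>",
                          _safe(_network.get('handle')), "<br>",
                          _safe(_network.get('links')[0]), "<br>"])
            _contact = _ip_info.get('objects').get(_entity).get('contact')
            _html.append(_safe(_contact.get('address')[0].get('value')))
    return _html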
예제 #3
파일: utils.py 프로젝트: xazrad/chicago
def check_ip(ip):
    """Return the stored ``Ip`` row for *ip*, creating it from whois on a miss.

    A row already present in the session's database is returned unchanged.
    Otherwise a whois lookup supplies the ASN (mapped through
    ``_get_provider``) and the country and description of the first net,
    and the new row is added to the session. Nothing is committed here.

    :param ip: IP address used as the ``Ip`` primary key and whois query
    :return: the existing or newly added ``Ip`` instance
    """
    from app.models.models import Ip

    existing = db_session.session.query(Ip).get(ip)
    if existing:
        return existing

    # NOTE(review): IPWhois.lookup() is the legacy whois entry point; newer
    # ipwhois releases expose lookup_whois() instead - confirm the pinned
    # version before upgrading.
    whois = IPWhois(ip).lookup()
    provider = _get_provider(whois.get('asn'))
    # Only the first net is consulted; a record without nets raises here.
    country = whois['nets'][0]['country']
    description = whois['nets'][0]['description']

    record = Ip(ip=ip,
                provider_id=provider,
                country_id=country,
                description=description)
    db_session.session.add(record)
    return record
예제 #4
def get_ip_list(ip):
    """Return the ``range`` of the first whois net for *ip*, split on ``-``.

    An empty list is returned when the lookup yields nothing, when the
    record has no nets, or when the first net has an empty range. The
    pieces are returned exactly as split; surrounding whitespace is not
    stripped.

    :param ip: IP address to query
    :return: list of range components, possibly empty
    """
    whois = IPWhois(ip).lookup_whois()
    nets = whois.get("nets", {}) if whois else None
    if not nets:
        return []

    # Only the first net is used; a first net without a "range" key raises.
    first_range = nets[0]["range"]
    return first_range.split("-") if first_range else []
예제 #5
def get_asn(ip_address):
    """
    Look up the ASN announced for a globally routable IP address.

    Addresses that do not parse, or that are not global (private, loopback,
    link-local, ...), are never sent to the ASN lookup.

    :param ip_address: IP address as text (or any value ipaddress accepts)
    :return: the "asn" field of the lookup result, or None
    """
    try:
        parsed = ipaddress.ip_address(ip_address)
        if parsed.is_global:
            result = IPWhois(parsed.compressed).ipasn.lookup()
            if result:
                return result.get("asn")
    except ValueError:
        # Raised for unparseable input; any ValueError from the lookup
        # itself is treated the same way.
        pass
    return None
예제 #6
    def get_registrant(cidr):
        """Return ``"<name> (<handle>)"`` for the first RDAP registrant of *cidr*.

        The network address (the part before ``/``) is queried over RDAP
        with warnings silenced. Any lookup failure, or a record without a
        registrant that has contact data, yields an empty string.
        """
        address = cidr.split("/")[0]

        with warnings.catch_warnings():
            warnings.simplefilter("ignore")
            try:
                rdap = IPWhois(address).lookup_rdap()
            except Exception:
                # Best effort: an unreachable or failing lookup is not fatal.
                return ""

        for handle, entity in rdap.get('objects', {}).items():
            if entity.get('contact') is None:
                continue
            if 'registrant' in entity.get('roles', []):
                # Only the first matching entity is reported.
                return f"{entity['contact'].get('name')} ({handle})"

        return ""
예제 #7
def get_whois_tags(ip_address):
    """
    Collect city and postal-address tags from the whois nets of `ip_address`.

    Args:
        ip_address: IP address to look up.

    Returns:
        list: De-duplicated :class:`.SourceString` objects with source
        "Whois"; empty when the record has no nets. Order is not defined,
        because the values pass through a set.
    """
    record = IPWhois(ip_address).lookup_whois()
    nets = record.get("nets")
    if not nets:
        return []

    cities = []
    addresses = []
    for net in nets:
        if net.get("city"):
            cities.append(net["city"])

        raw_address = net.get("address")
        if not raw_address:
            continue

        # Drop the organisation name so only the postal part remains.
        description = net.get("description")
        cleaned = raw_address
        if description:
            cleaned = cleaned.replace(description, "").strip()

        # Multi-line addresses are flattened onto one comma-separated line.
        if "\n" in cleaned:
            cleaned = ", ".join(cleaned.splitlines())

        addresses.append(cleaned)

    unique_values = set(cities + addresses)
    return [SourceString(value, source="Whois") for value in unique_values]
예제 #8
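def get_cidr_info(ip_address):
    """Return ``(cidr, description)`` for the smallest network holding *ip_address*.

    Addresses inside one of ``private_subnets`` are answered locally.
    Otherwise whois is queried, first with referral following and then
    without it if that raises. When no nets come back, a /24 built from the
    first three dotted octets is returned with a failure description.

    No interactive debugger is started on errors: this function is expected
    to be usable from unattended runs.

    :param ip_address: IP address as a dotted string
    :return: tuple of (CIDR string, description string)
    """
    for subnet in private_subnets:
        if ip_address in subnet:
            return str(subnet), 'Non-Public Subnet'

    try:
        res = IPWhois(ip_address).lookup_whois(get_referral=True)
    except Exception:
        try:
            res = IPWhois(ip_address).lookup_whois()
        except Exception as e:
            display_error("Error trying to resolve whois: {}".format(e))
            res = {}

    if not res.get('nets', []):
        display_warning(
            "The networks didn't populate from whois. Defaulting to a /24.")
        # NOTE(review): the fallback assumes a dotted IPv4 string; an IPv6
        # address would produce a meaningless value here.
        return '{}.0/24'.format('.'.join(
            ip_address.split('.')[:3])), "Whois failed to resolve."

    # One [size, cidr, description] row per CIDR; a net may list several
    # CIDRs separated by ", ".
    cidr_data = []
    for net in res['nets']:
        for cd in net['cidr'].split(', '):
            cidr_data.append([
                len(IPNetwork(cd)), cd,
                net['description'] if net['description'] else ""
            ])

    try:
        # Same ordering the previous sort() used: size, then CIDR text,
        # then description.
        smallest = min(cidr_data)
    except Exception as e:
        # Rows that cannot be compared as a whole are ranked by size alone
        # instead of halting in a debugger.
        display_error("Error occured: {}".format(e))
        smallest = min(cidr_data, key=lambda row: row[0])
    return smallest[1], smallest[2]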
예제 #9
 def _do(ip_, whois_ttl):
     """Return whois data for an IP, using the 'whois_data' local registry as a cache.

     Returns an empty dict when ipwhois is unavailable or when anything in
     the lookup/caching path raises. On success the dict is the whois
     record, with ``is_<provider>`` flags added for recognised providers.
     """
     # NOTE(review): the body reads ``ip`` while the parameter is ``ip_``;
     # ``ip`` presumably comes from an enclosing scope - confirm both carry
     # the same value.
     data = {}
     if not HAS_IPWHOIS:
         return data
     try:
         wreg = __salt__[
             'mc_macros.get_local_registry'](
                 'whois_data', registry_format='pack')
         # Drop a cached entry once it is older than whois_ttl seconds.
         if ip in wreg:
             if time.time() >= wreg[ip]['t'] + whois_ttl:
                 del wreg[ip]
         data = wreg.get(ip, {}).get('data', {})
         if not data:
             # NOTE(review): lookup() is the legacy ipwhois whois call;
             # confirm it exists in the installed version.
             data = IPWhois(ip).lookup()
         # setdefault keeps an existing timestamp/data pair untouched. For a
         # new entry the stored 'data' is this same dict object, so the
         # flags set below are saved with it.
         cdata = wreg.setdefault(ip, {})
         cdata.setdefault('t', time.time())
         cdata.setdefault('data', data)
         # Provider name -> substrings searched for in the whois net fields.
         search_data = {'ovh': ['ovh', 'sys'],
                        'phpnet': ['phpnet'],
                        'online': ['proxad',
                                   'illiad',
                                   'iliad']}
         # 'sys' shares the 'ovh' term list, so is_sys is set alongside is_ovh.
         search_data['sys'] = search_data['ovh']
         for provider, search_terms in search_data.items():
             for i in search_terms:
                 for j in data.get('nets', []):
                     for k, val in j.items():
                         if k in ['abuse_emails',
                                  'description',
                                  'handle',
                                  'name']:
                             if val and i in val.lower():
                                 data['is_{0}'.format(provider)] = True
                                 # Leaves only the innermost (field) loop;
                                 # the outer loops keep running.
                                 break
         __salt__['mc_macros.update_local_registry'](
             'whois_data', wreg,
             registry_format='pack')
     except Exception:
         # Any failure is logged with its traceback and reported to the
         # caller as "no data".
         log.error(traceback.format_exc())
         data = {}
     return data
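def _csv_field(value):
    """Render one result field: None becomes '', line breaks become spaces."""
    if value is None:
        return ""
    return str(value).replace("\r", " ").replace("\n", " ")


def _write_row(out, *fields):
    """Write *fields* to *out* as one ';'-separated line."""
    out.write(";".join(_csv_field(field) for field in fields))
    out.write("\n")


def _probe_port(address, port, timeout=2):
    """Return the connect_ex() code for a TCP connect; the socket is always closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((address, port))


def main():
    """Resolve each domain in domains.txt and record the findings in Results.txt.

    For every A record of a domain the script fetches IP whois data, tries
    TCP connects to ports 80 and 443, and, when a port is open, fetches the
    page title. One ';'-separated line is written per result or failure.

    Whois descriptions and page titles are text controlled by third
    parties: line breaks in them are replaced with spaces so one result
    never spills over several rows. Semicolons inside such values are not
    escaped; consumers of Results.txt should not trust the column count of
    a row blindly.
    """
    http_timeout = 10  # seconds; without it requests.get() can block forever

    with open("domains.txt", "r") as f_input:
        domains = [line.rstrip('\n').rstrip('\r') for line in f_input]

    print("\n" + "- A total of " + str(len(domains)) +
          " domains will be resolved to an IP" + "\n")

    nslookup = dns.resolver.Resolver()

    # The context manager closes (and flushes) the results file even when
    # an unexpected exception ends the run early.
    with open("Results.txt", "w") as f_output:
        for domain in domains:
            print("- Resolving domain: " + domain + "\n")
            print("    * Performing NS Lookup..." + "\n")

            try:
                # A-record lookup: domain -> IP addresses.
                # NOTE(review): newer dnspython releases prefer resolve()
                # over query(); confirm against the pinned version.
                nslookup_answer = nslookup.query(domain, "A")
            except Exception as e:
                print(str(e))
                print("    * ERROR. Domain can not be resolved! " + "\n")
                _write_row(f_output, domain, "KO-Domain-not-resolved")
                # NOTE(review): this stops the whole run at the first
                # unresolvable domain, as the original did; the later
                # failure paths only skip to the next domain. Confirm
                # which behaviour is intended.
                break

            for rdata in nslookup_answer:
                address = str(rdata.address)
                print("    * Getting IP WHOIS data from ARIN..." + "\n")

                try:
                    whois_results = IPWhois(address).lookup_whois(
                        get_asn_description=True)
                    # Organisation data comes from the first net only.
                    org_results = whois_results.get('nets')[0]
                except Exception as e:
                    print(str(e))
                    print("    * ERROR. WHOIS IP Data can not be retrieved! " +
                          "\n")
                    _write_row(f_output, domain, address,
                               "KO-WHOIS-data-retrieval-failed")
                    break

                # Either value may be None when the registry omits it.
                asn_description = whois_results.get('asn_description')
                org_description = org_results.get('description')

                print("    * Trying to connect on 80,443 ports..." + "\n")

                try:
                    port_http = _probe_port(address, 80)
                    port_https = _probe_port(address, 443)
                except Exception as e:
                    print(str(e))
                    print("    * ERROR. TCP Socket connection on 80,443 failed! " +
                          "\n")
                    _write_row(f_output, domain, address, asn_description,
                               org_description,
                               "KO-Connection-attempt-on-80,443-ports-failed")
                    break

                # Port 80 wins when both are open; 443 is used only when 80
                # is closed.
                open_ports = []
                if port_http == 0:
                    open_ports.append(80)
                    web_app = "HTTP is open on 80 port"
                elif port_https == 0:
                    open_ports.append(443)
                    web_app = "HTTPS is open on 443 port"
                else:
                    web_app = "No web app detected"

                print("    * Getting HTML Title page..." + "\n")
                for port in open_ports:
                    url = ("http://" if port == 80 else "https://") + domain
                    try:
                        r = requests.get(url, timeout=http_timeout)
                        page = bs4.BeautifulSoup(r.text)
                        web_title = page.title.text
                    except Exception as e:
                        print(str(e))
                        print("    * ERROR. No HTML Title page found!" + "\n")
                        # The status label is the one the original wrote
                        # for this case.
                        _write_row(f_output, domain, address, asn_description,
                                   org_description, web_app,
                                   "KO-Connection-attempt-on-80,443-ports-failed")
                        break

                    print("    * Result: " + "; ".join(
                        _csv_field(part)
                        for part in (address, asn_description,
                                     org_description, web_app, web_title)) +
                          "\n")
                    print("\n")
                    _write_row(f_output, domain, address, asn_description,
                               org_description, web_app, web_title)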
예제 #11
def get_who_is(hostname):
    """
    Resolve *hostname* and summarise the RDAP record of the resulting address.
    :param hostname: domain name or IP address
    :type hostname: str
    :return: selected ASN and network fields, or None if any step raises
    :rtype: dict
    """

    try:
        domain = get_domain_name(hostname)
        info = IPWhois(socket.gethostbyname(domain)).lookup_rdap()
        network = info.get('network')

        def net_field(key):
            # Plain attribute of the RDAP network object, None without one.
            return network.get(key) if network else None

        def first_entry_field(list_key, field):
            # Field of the first element of a network list; empty or
            # missing values collapse to None.
            entries = net_field(list_key)
            if not entries:
                return None
            return entries[0].get(field) or None

        data = {
            'country_code': info.get('asn_country_code'),  # ASN country code
            'date': info.get('asn_date'),  # ASN allocation date
            'asncidr': info.get('asn_cidr'),  # CIDR announced by the ASN
            'asnr': info.get('asn_registry'),  # Registry holding the ASN
            'ip': info.get('query'),  # Address that was queried
            'asn': info.get('asn'),  # Autonomous System Number
            'updated': first_entry_field('events', 'timestamp'),
            'handle': net_field('handle'),
            'description': first_entry_field('notices', 'description'),
            'postal_code': net_field('postal_code'),
            'address': net_field('address'),
            'city': net_field('city'),
            'name': net_field('name'),
            'created': net_field('created'),
            'country': net_field('country'),
            'state': net_field('state'),
            'ip_range': net_field('range'),
            'cidr': net_field('cidr'),
        }
    except Exception as error:
        # Resolution, lookup and parsing failures are all reported as None.
        return None
    else:
        return data
예제 #12
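    def find_or_create(self,
                       ip_str,
                       only_tool=False,
                       in_scope=False,
                       passive_scope=True,
                       label=None,
                       force_cidr=None,
                       **kwargs):
        """Find or create the CIDR record for the smallest network holding *ip_str*.

        Candidate networks come from, in increasing priority: the
        ``force_cidr``/``label`` pair, ``private_subnets``, and CIDRs
        already stored in the database. Only when none of these match is
        whois queried (with referral first, then without); if whois yields
        no nets, a /24 built from the first three dotted octets is used.

        ``in_scope``, ``passive_scope`` and ``kwargs`` are accepted but not
        used in this method body.

        No interactive debugger is started on errors; a CIDR string that
        cannot be parsed raises to the caller instead.

        :return: ``(created, cidr)`` from the parent ``find_or_create``, or
            None when no candidate network contains *ip_str*
        """
        res = False
        if label and force_cidr:
            res = ([force_cidr, label], )
        for cidr in private_subnets:
            if IPAddress(ip_str) in cidr:
                res = ([str(cidr), "Non-Public Subnet"], )

        for cidr in CIDRRepository(self.db, "").all():
            if IPAddress(ip_str) in IPNetwork(cidr.cidr):
                res = ([str(cidr.cidr), cidr.org_name], )
                display("Subnet already in database, not rechecking whois.")

        if res:
            cidr_data = res
        else:
            try:
                res = IPWhois(ip_str).lookup_whois(get_referral=True)
            except Exception:
                try:
                    res = IPWhois(ip_str).lookup_whois()
                except Exception as e:
                    display_error(
                        "Error trying to resolve whois: {}".format(e))
                    res = {}

            if not res.get('nets', []):
                display_warning(
                    "The networks didn't populate from whois. Defaulting to a /24."
                )
                # NOTE(review): the fallback assumes a dotted IPv4 string.
                res = {
                    'nets': [{
                        'cidr':
                        '{}.0/24'.format('.'.join(ip_str.split('.')[:3])),
                        'description':
                        'Whois failed to resolve.'
                    }]
                }

            # A net may list several CIDRs separated by ", "; a value
            # without that separator splits into itself.
            cidr_data = []
            for n in res["nets"]:
                for cidr_str in n["cidr"].split(", "):
                    cidr_data.append([cidr_str, n["description"]])

            # Keep only the networks that actually contain the address.
            cidr_data = [
                cidr_d for cidr_d in cidr_data
                if IPAddress(ip_str) in IPNetwork(cidr_d[0])
            ]

        if cidr_data:
            # Pick the most specific network. The previous loop compared
            # every candidate against the size of the first one only, so it
            # could settle on a network that was not the smallest.
            matching_cidr = min(cidr_data,
                                key=lambda entry: len(IPNetwork(entry[0])))

            display("Processing CIDR from whois: %s - %s" %
                    (str(matching_cidr[1]).split('\n')[0], matching_cidr[0]))

            created, cidr = super(CIDRRepository,
                                  self).find_or_create(only_tool,
                                                       cidr=matching_cidr[0])

            if created:
                display_new("CIDR %s added to database" % cidr.cidr)
                # Only the first line of a multi-line description is stored.
                cidr.org_name = str(matching_cidr[1]).split('\n')[0]
                cidr.update()

            return created, cidr
        # NOTE(review): with no matching network the method falls through
        # and returns None; callers that unpack the result must handle it.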