def informationURL(self):
logging.info('Se ha inicializado la opcion WHOIS URL')
url = input("Introduzca la URL a analizar:")
res = ""
if str(url) != "None":
if url == "":
res = res + "Has introducido una url vacia"
logging.info('WHOIS URL: Se ha introducido una URL vacía')
print("Has introducido una url vacia")
else:
# Para calcular la direccion IP de la URL introducida utilizamos la funcion socket.gethostbyname()
#print (socket.gethostbyname(url))
# Debemos controlar la excepción de que el usuario introduzca una URL errónea de modo que la aplicación devolvería error
# (Si introduce una dirección IP no hay problema ya que la resuelve como ella misma)
try:
ip = socket.gethostbyname(url)
#print(ip)
dirIP = IPWhois(ip)
#IMPORTANTE: CON LA VERSION QUE TIENE POR DEFECTO DABA WARNINGS, SIN EMBARGO HE INSTALADO LA SIGUIENTE VERSION CON EL SIGUIENTE COMANDO:
# py -m pip install ipwhois==0.10.3
logging.info('Se ha analizado la dirección: ' + url +
' con direccion IP: ' + ip)
result = dirIP.lookup_rws()
res = res + "\nINFORMACIÓN SOBRE EL DOMINIO: " + url
res = res + "\n\nASN: " + result['asn']
res = res + "\nASN_CIDR: " + result['asn_cidr']
res = res + "\nASN_COUNTRY_CODE: " + result[
'asn_country_code']
res = res + "\nASN_DATE: " + result['asn_date']
res = res + "\nASN_REGISTRY: " + result['asn_registry']
res = res + "\n\nAbuse emails: " + str(
result['nets'][0]['abuse_emails'])
res = res + "\nAddress: " + str(
result['nets'][0]['address'])
res = res + "\nCidr: " + str(result['nets'][0]['cidr'])
res = res + "\nCity: " + str(result['nets'][0]['city'])
res = res + "\nCountry: " + str(
result['nets'][0]['country'])
res = res + "\nCreated: " + str(
result['nets'][0]['created'])
res = res + "\nDescription: " + str(
result['nets'][0]['description'])
res = res + "\nMisc Emails: " + str(
result['nets'][0]['misc_emails'])
res = res + "\nName: " + str(result['nets'][0]['name'])
res = res + "\nPostal Code: " + str(
result['nets'][0]['postal_code'])
res = res + "\nState: " + str(result['nets'][0]['state'])
res = res + "\nTech emails: " + str(
result['nets'][0]['tech_emails'])
res = res + "\nUpdated: " + str(
result['nets'][0]['updated'])
print(res)
except ValueError:
messagebox.showerror("ERROR",
"La URL: " + url + " no es correcta")
def test_lookup_rws(self):
try:
from urllib.request import ProxyHandler, build_opener
except ImportError:
from urllib2 import ProxyHandler, build_opener
ips = [
'74.125.225.229', # ARIN
'2001:4860:4860::8888',
'62.239.237.1', # RIPE
'2a00:2381:ffff::1',
'210.107.73.73', # APNIC
'2001:240:10c:1::ca20:9d1d',
'200.57.141.161', # LACNIC
'2801:10:c000::',
'196.11.240.215', # AFRINIC
'2001:43f8:7b0::'
]
for ip in ips:
result = IPWhois(ip)
try:
self.assertIsInstance(result.lookup_rws(), dict)
except (ASNLookupError, ASNRegistryError, WhoisLookupError):
pass
except AssertionError as e:
raise e
except Exception as e:
self.fail('Unexpected exception raised: %r' % e)
handler = ProxyHandler({'http': 'http://0.0.0.0:80/'})
opener = build_opener(handler)
result = IPWhois('74.125.225.229', 0, opener)
self.assertRaises(WhoisLookupError, result.lookup_rws)
def test_lookup_rws(self):
try:
from urllib.request import ProxyHandler, build_opener
except ImportError:
from urllib2 import ProxyHandler, build_opener
ips = [
'74.125.225.229', # ARIN
'2001:4860:4860::8888',
'62.239.237.1', # RIPE
'2a00:2381:ffff::1',
'210.107.73.73', # APNIC
'2001:240:10c:1::ca20:9d1d',
'200.57.141.161', # LACNIC
'2801:10:c000::',
'196.11.240.215', # AFRINIC
'2001:43f8:7b0::'
]
for ip in ips:
result = IPWhois(ip)
try:
self.assertIsInstance(result.lookup_rws(), dict)
except (ASNLookupError, ASNRegistryError, WhoisLookupError):
pass
except AssertionError as e:
raise e
except Exception as e:
self.fail('Unexpected exception raised: %r' % e)
handler = ProxyHandler({'http': 'http://0.0.0.0:80/'})
opener = build_opener(handler)
result = IPWhois('74.125.225.229', 0, opener)
self.assertRaises(WhoisLookupError, result.lookup_rws)
def ipWhois():
# Call backup_myIPwhois.py
# myIPwhois.IPWhoisChecker("https://www.abuseipdb.com/whois/" + sys.argv[1])
# IPWhois (pip3 install ipwhois == 0.10.3)
ipwhoisInfo = IPWhois(sys.argv[1])
ipwhoisResults = ipwhoisInfo.lookup_rws()
pprint(ipwhoisResults)
def gather(self, all_ips):
for path, incoming_ip_obj in all_ips.iteritems():
if incoming_ip_obj[0].ip_whois == "":
try:
print "Gathering whois information about " + incoming_ip_obj[0].ip_address
ip_whois = IPWhois(incoming_ip_obj[0].ip_address)
incoming_ip_obj[0].ip_whois = ip_whois.lookup_rws()
except IPDefinedError:
print helpers.color("[*] Error: Private IP address, skipping IP!", warning=True)
return
def test_lookup_rws(self):
from urllib import request
result = IPWhois('74.125.225.229')
try:
self.assertIsInstance(result.lookup_rws(), dict)
except (ASNLookupError, WhoisLookupError):
pass
except AssertionError as e:
raise e
except Exception as e:
self.fail('Unexpected exception raised: %r' % e)
handler = request.ProxyHandler({'http': 'http://0.0.0.0:80/'})
opener = request.build_opener(handler)
result = IPWhois('74.125.225.229', 0, opener)
self.assertRaises(WhoisLookupError, result.lookup_rws)
def execute(self):
addr = self.target
obj = IPWhois(addr)
self.result = obj.lookup_rws()
print self.result
def whois(): obj = IPWhois(ip) results = obj.lookup_rws() pprint.pprint(results)
def notify_service(intervallo, ip, labels, kind, u="", p=""):
blck = os.path.join(os.path.join(os.environ['USERPROFILE']),
'Documents') + "\\smersh_blacklist.txt"
mail_setting = os.path.join(os.path.join(os.environ['USERPROFILE']),
'Documents') + "\\smersh_mail_setting.txt"
keywords = os.path.join(os.path.join(os.environ['USERPROFILE']),
'Documents') + "\\smersh_extractor_keywords.txt"
with open(keywords, mode="r") as file:
config_file = file.read().splitlines()
done = False
while not done:
try:
with open(mail_setting, mode="r") as file:
content = file.read().split("|")
done = True
except:
# Il file potrebbe essere usato contemporaneamente da smersh-on poller e blacklist poller se runnati
# contemporaneamente. Pertanto ho previsto questa eccezione.
time.sleep(3)
now = datetime.now()
timestamp = now.strftime("%d/%m/%Y %H:%M:%S")
if not labels:
fatto = False
while not fatto:
try:
with open(blck, mode='r') as file:
listato = file.read().splitlines()
fatto = True
except:
# Il file potrebbe essere usato contemporaneamente da smersh-on poller e blacklist poller se runnati
# contemporaneamente. Pertanto ho previsto questa eccezione.
time.sleep(3)
for add in ip:
for idx, x in enumerate(listato):
if add in x:
labels.append(listato[idx - 1])
break
elif idx + 1 == len(listato):
# Mi ricavo il net name tramite whois:
from ipwhois import IPWhois
import urllib2
handler = urllib2.ProxyHandler({
'http':
'http://' + u + ':' + p + '@' + config_file[11]
})
try:
opener = urllib2.build_opener(handler)
obj = IPWhois(add, proxy_opener=opener)
results = obj.lookup_rws()
netname = results["nets"][0]["name"]
except:
netname = "## INDIRIZZO NON RISOLTO!"
labels.append("# " + netname)
#labels.append("NUOVO IP")
# Quindi aggiungiamoli alla blacklist se dopo averla scorsa tutta non trovo corrispondenze
#label = "# NUOVO - DA VERIFICARE"
try:
with open(blck, mode="a") as blacklist:
blacklist.write("\n# " + netname)
blacklist.write("\n" + add)
print "\n[*] Blacklist file aggiornata con successo!"
except:
print u"\n[!] Qualcosa è andato storto nell'aggiornamento della blacklist!"
traceback.print_stack()
for add in ip:
# Infine estraiamo i dati generati dagli IP Segnalati...
try:
from smersh_off_forensics import estrattore_dati
with open(blck, "r") as file:
listone = file.read().splitlines()
dest = [
listone[idx - 1] for idx, x in enumerate(listone) if add in x
]
dest = dest[0].replace("#", "").replace(" ", "")
folder_estrazione = os.path.join(
os.path.join(os.environ['USERPROFILE']),
'Desktop') + "\\Estrazioni_Elaborate\\" + dest
if not os.path.exists(folder_estrazione):
os.makedirs(folder_estrazione)
estrattore_dati(choose="5",
ips=add,
intervallo=(86400),
verbose=False,
save_path=folder_estrazione)
print "\n[*] Estrazioni report avvenuta con successo!"
except:
print u"\n[!] Qualcosa è andato storto con il dump delle attività degli IP segnalati."
traceback.print_stack()
return None
sender = content[0]
receivers = content[1].split(',')
message_payload = content[2].format(kind, str(intervallo), ", ".join(ip),
", ".join(labels), timestamp)
address = content[3]
try:
smtpObj = smtplib.SMTP(address)
smtpObj.sendmail(sender, receivers, message_payload)
print "\n [***] Notificate figure interessate!"
except smtplib.SMTPException:
print "\n[!] Error: unable to send email"
return None
