예제 #1
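def lookup_ip_whois(ip):
    """Return the parsed WHOIS record for ``ip``, or ``None`` when the lookup fails.

    The ``raw`` and ``raw_referral`` entries are removed from the record before
    it is returned. Every failure path is logged and collapses to ``None``, so
    a caller cannot tell an invalid address from a lookup error by the return
    value alone.

    :param ip: IP address to look up; handed to ``IPWhois`` unchanged.
    :return: the record from ``IPWhois(ip).lookup()`` without the raw entries,
             or ``None`` if any exception was raised.
    """
    try:
        # Retrieve parsed record
        record = IPWhois(ip).lookup()
        # Keep only the parsed fields. NOTE(review): the remaining values still
        # originate from remote registry responses, so treat them as untrusted
        # data wherever they are rendered or stored.
        record.pop("raw", None)
        record.pop("raw_referral", None)
        return record

    except ValueError:
        # Any ValueError raised inside the try block is reported as a bad address.
        logger.debug("Invalid IP address passed")

    except IPDefinedError:
        logger.debug("Private-use network IP address passed")

    except Exception as unexpected_error:
        # Catch-all boundary: a failed lookup must not propagate to the caller.
        # The exception is passed as a logging argument so that formatting is
        # done by the logging module instead of with ``%`` at the call site.
        logger.error("Unexpected error %s", unexpected_error)

    return None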
예제 #2
파일: lookups.py 프로젝트: armyninja/RAPID
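def lookup_ip_whois(ip):
    """Look up WHOIS data for an IP address and return the parsed record.

    ``raw`` and ``raw_referral`` are stripped from the result. All errors are
    logged and turned into a ``None`` return value: invalid input and
    private-use addresses at debug level, anything else at error level.

    :param ip: the IP address to query, passed straight to ``IPWhois``.
    :return: the parsed record (a mapping supporting ``pop``) or ``None`` on
             any failure.
    """
    # NOTE(review): newer ipwhois releases provide lookup_whois() and
    # lookup_rdap(); confirm that lookup() exists in the version this project
    # pins before relying on it.
    try:
        # Retrieve parsed record
        record = IPWhois(ip).lookup()
        record.pop("raw", None)
        record.pop("raw_referral", None)
        return record

    except ValueError:
        logger.debug("Invalid IP address passed")

    except IPDefinedError:
        logger.debug("Private-use network IP address passed")

    except Exception as unexpected_error:
        # Deliberately broad: this helper reports failures through its return
        # value. Use logging's own %-argument handling rather than formatting
        # the message eagerly with the ``%`` operator.
        logger.error("Unexpected error %s", unexpected_error)

    # Reached only after one of the handlers above has run.
    return None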
예제 #3
    def run(self, *args,
            **kwargs) -> ScriptResponse.success or ScriptResponse.error:
        """
        Perform an RDAP lookup for the IP address supplied as the ``ip`` keyword argument.

        The result can contain the following information:
        - query - The IP address
        - asn - The Autonomous System Number
        - asn_date - The ASN allocation date
        - asn_registry - The assigned ASN registry
        - asn_cidr - The assigned ASN CIDR
        - asn_country_code - The assigned ASN country code
        - asn_description - The ASN description
        - network - Network information which consists of the following fields:
            - cidr - Network routing block an IP address belongs to
            - country - Country code registered with the RIR in ISO 3166-1 format
            - end_address - The last IP address in a network block
            - events - List of event dictionaries with the following fields:
                - action - The reason for an event
                - timestamp - The date an event occurred in ISO 8601 format
                - actor - The identifier for an event initiator (if any)
            - handle - Unique identifier for a registered object
            - ip_version - IP protocol version (v4 or v6) of an IP address
            - links - HTTP/HTTPS links provided for an RIR object
            - name - The identifier assigned to the network registration for an IP address
            - parent_handle - Unique identifier for the parent network of a registered network
            - start_address - The first IP address in a network block
            - status - List indicating the state of a registered object
            - type - The RIR classification of a registered network
        - objects - The objects (entities) referenced by an RIR network or by other entities, with the
          following fields:
            - contact - Contact information registered with an RIR object. See "contacts" in the "nir"
                        section for more info.
            - entities - List of object names referenced by an RIR object. Map these to other objects
                         dictionary keys.
            - events - List of event dictionaries. See "events" in the "network" section for more info.
            - events_actor - List of event (no actor) dictionaries
            - handle - Unique identifier for a registered object
            - links - List of HTTP/HTTPS links provided for an RIR object
            - roles - List of roles assigned to a registered object
            - status - List indicating the state of a registered object
        - nir - The National Internet Registry results, which consist of the following fields:
            - cidr - Network routing block an IP address belongs to
            - range - Network range an IP address belongs to
            - name - The identifier assigned to the network registration for an IP address
            - handle - Unique identifier for a registered object
            - country - Country code registered with the RIR in ISO 3166-1 format
            - address - The mailing address for a registered network
            - postal_code - The postal code for a registered network
            - nameservers - The nameservers listed for a registered network
            - created - Network registration date in ISO 8601 format
            - updated - Network registration updated date in ISO 8601 format
            - contacts - Dictionary with keys: admin, tech. Values map to contact dictionaries if found:
                - name - The contact's name
                - organization - The contact's organization
                - division - The contact's division of the organization
                - email - Contact email address
                - reply_email - Contact reply email address
                - updated - Updated date in ISO 8601 format
                - phone - Contact phone number
                - fax - Contact fax number
                - title - The contact's position or job title

        Before the result is returned, "notices" is removed from the network section, "notices" and
        "remarks" are removed from every object, and the top-level "entities" key is dropped.

        :param args: variable length argument list.
        :param kwargs: arbitrary keyword arguments; the address is read from ``kwargs["ip"]``.

        :return: ScriptResponse.error with an error message if the IP address is invalid or the RDAP
                 query failed; ScriptResponse.success with the RDAP lookup results otherwise.
        """

        # A missing "ip" keyword reaches the validator as None.
        # NOTE(review): presumably the validator raises ValueError for None as well - confirm.
        try:
            ip = self.__validate_ip(kwargs.get("ip"))
        except ValueError:
            return ScriptResponse.error(message="Invalid IP address")

        try:
            lookup_result = IPWhois(ip).lookup_rdap()
        except Exception as exc:
            # NOTE(review): the exception text is handed back to the caller verbatim; confirm that
            # whoever consumes this message is allowed to see library error details.
            return ScriptResponse.error(
                message=f"RDAP lookup failed. Unknown error occurred: {str(exc)}"
            )

        # The notices and remarks sections hold information the author considers useless, so they
        # are stripped: notices from the network section, notices and remarks from every object.
        network_section = lookup_result["network"]
        network_section.pop("notices", None)

        for registry_object in lookup_result["objects"].values():
            registry_object.pop("notices", None)
            registry_object.pop("remarks", None)

        # The top-level entities list only repeats the keys of the objects section.
        lookup_result.pop("entities", None)

        # The payload is registry-supplied data and, per the field list above, can include contact
        # names, e-mail addresses and phone numbers; it is returned without further filtering.
        return ScriptResponse.success(
            result=lookup_result,
            message="RDAP lookup successful",
        )