Exemplo n.º 1
0
def main(ip):
    obj = IPWhois(ip)
    try:
        results = obj.lookup_rdap(depth=1)
    except:
        results = None
    return results
Exemplo n.º 2
0
def check_addr_type(addr, addr_dict):
    if addr != local and not any([pattern.match(addr) for pattern in pattern_list]):
        obj = IPWhois(addr)
        results = obj.lookup()
        domain = results['nets'][0]['name']
        if domain is not None:
            addr_dict[addr] = domain
Exemplo n.º 3
0
    def test_lookup(self):

        ips = [
            '74.125.225.229',  # ARIN
            '2001:4860:4860::8888',
            '62.239.237.1',  # RIPE
            '2a00:2381:ffff::1',
            '210.107.73.73',  # APNIC
            '2001:240:10c:1::ca20:9d1d',
            '200.57.141.161',  # LACNIC
            '2801:10:c000::',
            '196.11.240.215',  # AFRINIC
            '2001:43f8:7b0::'
        ]

        for ip in ips:

            result = IPWhois(ip)
            try:
                self.assertIsInstance(result.lookup(), dict)
            except (ASNLookupError, ASNRegistryError, WhoisLookupError):
                pass
            except AssertionError as e:
                raise e
            except Exception as e:
                self.fail('Unexpected exception raised: %r' % e)
    def orgGroups(self, sender, mID):
        # import pdb; pdb.set_trace()
        try:
            newmID = "www." + mID
            afterAT = "www." + sender[sender.index("@")+1:]

            if newmID in self.domainCompanyPairing.keys():
                res1 = self.domainCompanyPairing[newmID]
            else:
                ip1 = socket.gethostbyname(newmID)
                obj1 = IPWhois(ip1)
                res1 = obj1.lookup(get_referral=True)['nets'][0]['name']
                self.domainCompanyPairing[newmID] = res1

            if afterAT in self.domainCompanyPairing.keys():
                res2 = self.domainCompanyPairing[afterAT]
            else:
                ip2 = socket.gethostbyname(afterAT)
                obj2 = IPWhois(ip2)
                res2 = obj2.lookup(get_referral=True)['nets'][0]['name']
                self.domainCompanyPairing[afterAT] = res2
            
            if res1 == res2:
                return True
            return False
        except:
            return False
Exemplo n.º 5
0
 def get_remote_whos(url):
     try:
         obj = IPWhois(DomainCheck.get_remote_IP(url))
         results = obj.lookup_rdap(depth=1)
         pprint(results)
     except socket.error:
         print("Error no connection .. WHOS")
Exemplo n.º 6
0
def cmd_whois_ip(ip):
    """Simple whois client to check IP addresses (IPv4 and IPv6).

    Example:

    \b
    $ habu.whois.ip 8.8.8.8
    {
        "nir": null,
        "asn_registry": "arin",
        "asn": "15169",
        "asn_cidr": "8.8.8.0/24",
        "asn_country_code": "US",
        "asn_date": "1992-12-01",
        "asn_description": "GOOGLE - Google LLC, US",
        "query": "8.8.8.8",
        ...
    """

    warnings.filterwarnings("ignore")

    obj = IPWhois(ip)
    data = obj.lookup_rdap()

    print(json.dumps(data, indent=4))
Exemplo n.º 7
0
def _whois(ip_pk):
    ip = IPv4Whois.objects.get(pk=ip_pk)
    ip.status = IPv4Whois.STATUS_LOOKING_UP_WHOIS
    ip.save()

    obj = IPWhois(ip.address, timeout=9)

    try:
        results = obj.lookup_rdap()
    except Exception as exc:
        ip.status = IPv4Whois.STATUS_LOOKUP_WHOIS_FAILED
        ip.save()
        raise exc

    ip.whois = json.dumps(results)
    ip.status = IPv4Whois.STATUS_LOOKUP_WHOIS_SUCCESS
    ip.save()

    kafka_msg = {
        'IP': ip.address,
        'Whois': results,
        'Host': settings.EXTERNAL_IP,
        'Timestamp': datetime.utcnow().isoformat(),
    }
    send_to_kafka('results', kafka_msg)
Exemplo n.º 8
0
 def getCIDR(cls, ip):
     if Lookup.offline:
         Lookup.cidr_tot += 1
         for cidr in Lookup.seen_pairings_keys:
             ip_bin = getBinaryRep(ip, cidr)
             if ip_bin in Lookup.seen_pairings[cidr]:
                 Lookup.cidr_hit += 1
                 return ip_bin
         return getBinaryRep(ip, 32)
     else:
         Lookup.cidr_tot += 1
         try:
             if ip in Lookup.seen_pairings:
                 Lookup.cidr_hit += 1
                 return Lookup.seen_pairings[ip]
             else:
                 obj = IPWhois(ip)
                 results = obj.lookup()
                 if "nets" not in results.keys() or "cidr" not in results["nets"][0].keys():
                     cidr = ip + "/32"
                 else:
                     cidr = results["nets"][0]["cidr"]
                 Lookup.seen_pairings[ip] = cidr
                 if cidr:
                     Lookup.cidr_hit += 1
                 return cidr
         except:
             Lookup.seen_pairings[ip] = "Invalid"
             return "Invalid"
Exemplo n.º 9
0
    def set(self,pagenum,kw):
        try:
            url = 'http://www.ebay.com/sch/i.html?_from=R40&_sacat=0&LH_Complete=1&LH_Sold=1&LH_ItemCondition=3&_nkw=' + kw + '&_pgn=' + str(pagenum) + '&_ipg=200&rt=nc&_dmd=1'
            if len(self.proxies) > 0:
                countries = get_countries()
                obj = IPWhois(self.proxies[0].split(':')[0])
                results = obj.lookup(False)

                if countries[results['nets'][0]['country']] == "United States":

                    if self.getfile(url,self.proxies[0],".ht") == "error":
                        print("Switching Proxy")
                        self.proxies.pop(0)
                        self.set(pagenum,kw)
                    else:
                        print(self.proxies[0])

                else:
                    print(countries[results['nets'][0]['country']])
                    print("Non-US IP " + self.proxies[0].split(':')[0]  + ": Switching Proxy")
                    self.proxies.pop(0)
                    self.set(pagenum,kw)

            else:
                print("No Proxies in Queue")


        except Exception as e:
            print(str(e))
Exemplo n.º 10
0
    def test_lookup_rws(self):
        try:
            from urllib.request import ProxyHandler, build_opener
        except ImportError:
            from urllib2 import ProxyHandler, build_opener

        ips = [
            '74.125.225.229',  # ARIN
            '2001:4860:4860::8888',
            '62.239.237.1',  # RIPE
            '2a00:2381:ffff::1',
            '210.107.73.73',  # APNIC
            '2001:240:10c:1::ca20:9d1d',
            '200.57.141.161',  # LACNIC
            '2801:10:c000::',
            '196.11.240.215',  # AFRINIC
            '2001:43f8:7b0::'
        ]

        for ip in ips:

            result = IPWhois(ip)
            try:
                self.assertIsInstance(result.lookup_rws(), dict)
            except (ASNLookupError, ASNRegistryError, WhoisLookupError):
                pass
            except AssertionError as e:
                raise e
            except Exception as e:
                self.fail('Unexpected exception raised: %r' % e)

        handler = ProxyHandler({'http': 'http://0.0.0.0:80/'})
        opener = build_opener(handler)
        result = IPWhois('74.125.225.229', 0, opener)
        self.assertRaises(WhoisLookupError, result.lookup_rws)
Exemplo n.º 11
0
def whois(ip):
    try:
        obj = IPWhois(ip)
        response = obj.lookup()
    except ipwhois.exceptions.WhoisLookupError:
        return None

    return response
Exemplo n.º 12
0
 def geoinfo(self):
     
     try:
         data = IPWhois(self.ip)
         return data.lookup(False)['nets'][0]   
     except:
         #raise
         return None
Exemplo n.º 13
0
def performWhoIs(IP):
    print()
    print(timeStamp() + "* Performing WHOIS on " + IP)
    obj = IPWhois(IP)
    res = obj.lookup_whois()
    print(timeStamp() + "- WHOIS name: " + res["nets"][0]['name'])
    print(timeStamp() + "- WHOIS CIDR: " + res['asn_cidr'])
    print(timeStamp() + "- More info at http://who.is/whois-ip/ip-address/" + IP)
 def getIPandWhoIsData(self,url):
     try:
         ip=socket.gethostbyname(url);
         obj=IPWhois(ip);
         whoIsDict=obj.lookup();
         whoIsDict['resolved_IP']=ip;
         return {url : whoIsDict};
     except Exception:
         return dict();
Exemplo n.º 15
0
 def queryIP(self,ip):
     try:
         self.result['type'] = 'ip'
         self.result['keyword'] = ip
         self.ip = ip
         ipwhois = IPWhois(self.ip)
         self.result['whois'] = ipwhois.lookup()
     except Exception as e:
         self.result['exceptions'].append(e)
     return self
Exemplo n.º 16
0
 def test_get_host(self):
     result = IPWhois('74.125.225.229')
     try:
         self.assertIsInstance(result.get_host(), tuple)
     except HostLookupError:
         pass
     except AssertionError as e:
         raise e
     except Exception as e:
         self.fail('Unexpected exception raised: %r' % e)
Exemplo n.º 17
0
 def test_get_asn_whois(self):
     result = IPWhois('74.125.225.229')
     try:
         self.assertIsInstance(result.get_asn_whois(), dict)
     except (ASNLookupError, ASNRegistryError):
         pass
     except AssertionError as e:
         raise e
     except Exception as e:
         self.fail('Unexpected exception raised: %r' % e)
Exemplo n.º 18
0
    def get_ipwhois(self, depth=1):

        # Perform the RDAP lookup for self.addr retrieving all
        # entities up to depth.
        obj = IPWhois(self.addr)
        ret = obj.lookup_rdap(depth=depth)

        # Set the updated timestamp for cache expiration.
        ret['updated'] = datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ')

        return ret
Exemplo n.º 19
0
def lookup(ip, rdap=False):
    obj = IPWhois(ip)
    if rdap:
        # TODO: RDAP output includes less relevant info, needs a dedicated formatter
        return obj.lookup_rdap()
    else:
        ret = obj.lookup_whois()
        # remove some fields that clutter
        for x in ['raw', 'raw_referral', 'referral']:
            ret.pop(x, None)
        return ret
def sitebilgilerinibul(site):
    ip     = socket.gethostbyname(site)
    obje   = IPWhois(ip)
    obj    = obje.lookup_whois()
    eposta = obj["nets"][0]['emails']
    desc  = obj["nets"][0]['description']
    print  "Site\t: ", site, "\n"
    print "IP adresi\t: ", ip
    print  "\nAçıklama\t: ", desc
    print "\nEmails\t: \n"
    print  email
Exemplo n.º 21
0
def resolveDomainIpwhois(dom):
    print "... ipwhois"

    i = 0
    while(i < len(dom['ipaddr'])):
        time.sleep(1)

        ip_whois = IPWhois( dom['ipaddr'][i]['ipaddr'] )
        dom['ipaddr'][i]['whois'] = ip_whois.lookup()
        pprint(dom['ipaddr'][i]['whois'])
        i += 1
Exemplo n.º 22
0
 def run(self):
     try:
         ip_whois = IPWhois(self._dst_ip)
         raw_res = ip_whois.lookup()
         res = []
         for k,v in raw_res.iteritems():
             if not v is None:
                 res.append("%s: %s" % (k,v))
         return ",".join(res)
     except Exception, e:
          return ""
Exemplo n.º 23
0
 def test_get_rws(self):
     from ipwhois.ipwhois import NIC_WHOIS
     result = IPWhois('74.125.225.229')
     try:
         self.assertIsInstance(result.get_rws(NIC_WHOIS['arin']['url'].format('74.125.225.229')), dict)
     except WhoisLookupError:
         pass
     except AssertionError as e:
         raise e
     except Exception as e:
         self.fail('Unexpected exception raised: %r' % e)
Exemplo n.º 24
0
def check_ip(ip):
    from app.models.models import Ip
    ip_inst = db_session.session.query(Ip).get(ip)
    if ip_inst:
        return ip_inst
    ip_data = IPWhois(ip).lookup()
    ip_inst = Ip(ip=ip,
                 provider_id=_get_provider(ip_data.get('asn')),
                 country_id=ip_data['nets'][0]['country'],
                 description=ip_data['nets'][0]['description'])
    db_session.session.add(ip_inst)
    return ip_inst
Exemplo n.º 25
0
 def extract_whois(self, ip): # extract whois description
     try:
         if re.match(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', ip): # only IPs
             w = IPWhois(ip, timeout=5) # timeout 5
             res = w.lookup_whois(retry_count=2) # legacy whois / retries 2
             descr = res["nets"][0]['description']
             if self.options.verbose:
                 print"[Verbose] - Resolving:", ip
         else:
             descr = None
     except:
         descr = None
     return descr
Exemplo n.º 26
0
def check_site_hosting(url):
	urlbreakdown = urlparse.urlparse(url);
	netlocation = urlbreakdown.netloc;
	#urlcentre = url.split("://")[1].strip("/");
	if netlocation[-12:] == "crowdmap.com":
		owner = "crowdmap"
	else:
		ipaddress = socket.gethostbyname(netlocation);
		#response = os.system("ping -c 1 " + ipaddress); #0 = site's up and okay
		obj = IPWhois(ipaddress);
		res=obj.lookup();
		owner = res['nets'][0]['description'];
	return(owner)
Exemplo n.º 27
0
    def gather(self, all_ips):

        for path, incoming_ip_obj in all_ips.iteritems():

            if incoming_ip_obj[0].ip_whois == "":

                try:
                    print "Gathering whois information about " + incoming_ip_obj[0].ip_address
                    ip_whois = IPWhois(incoming_ip_obj[0].ip_address)
                    incoming_ip_obj[0].ip_whois = ip_whois.lookup()
                except IPDefinedError:
                    print helpers.color("[*] Error: Private IP address, skipping IP!", warning=True)
        return
Exemplo n.º 28
0
    def analyze(ip, results):
        links = set()

        r = IPWhois(ip.value)
        result = r.lookup_whois()
        results.update(raw=pformat(result))

        # Let's focus on the most specific information
        # Which should be in the smallest subnet
        n = 0
        smallest_subnet = None

        for network in result['nets']:
            cidr_bits = int(network['cidr'].split('/')[1].split(',')[0])
            if cidr_bits > n:
                n = cidr_bits
                smallest_subnet = network

        if smallest_subnet:
            # Create the company
            company = Company.get_or_create(
                name=smallest_subnet['description'].split("\n")[0])
            links.update(ip.active_link_to(company, 'hosting', 'Network Whois'))

            # Link it to every email address referenced
            if smallest_subnet['emails']:
                for email_address in smallest_subnet['emails']:
                    email = Email.get_or_create(value=email_address)
                    links.update(company.link_to(email, None, 'Network Whois'))

            # Copy the subnet info into the main dict
            for key in smallest_subnet:
                if smallest_subnet[key]:
                    result["net_{}".format(key)] = smallest_subnet[key]

        # Add the network whois to the context if not already present
        for context in ip.context:
            if context['source'] == 'network_whois':
                break
        else:
            # Remove the nets info (the main one was copied)
            result.pop("nets", None)
            result.pop("raw", None)
            result.pop("raw_referral", None)
            result.pop("referral", None)
            result.pop("query", None)

            result['source'] = 'network_whois'
            ip.add_context(result)

        return list(links)
	def classify(self, phish):
		RHList = []
		sender = extract_email(phish, "From")
		receiver = extract_email(phish, "To")

		if (sender, receiver) not in self.srp:
			return False
			
		srp = self.srp[(sender, receiver)]
		if phish.get_all("Received"):
			for recHeader in phish.get_all("Received"):
				recHeader = ReceivedHeader(recHeader)
				if not "from" in recHeader.breakdown.keys():
					RHList.append("None")
					continue
				elif self.public_domain(recHeader.breakdown["from"]):
					ip = self.public_domain(recHeader.breakdown["from"])
				elif self.public_IP(recHeader.breakdown["from"]):
					ip = self.public_IP(recHeader.breakdown["from"])
				else:
					# RHList.append("InvalidFrom")
					RHList.append("Invalid")
					continue
				try:
					# import pdb; pdb.set_trace()
					if ip in self.seen_pairings.keys():
						RHList.append(self.seen_pairings[ip])
					else:
						obj = IPWhois(ip)
						results = obj.lookup()
						if "nets" not in results.keys() or "cidr" not in results["nets"][0].keys():
							cidr = ip + "/32"
						else:
							cidr = results["nets"][0]["cidr"]
						RHList.append(cidr)
						self.seen_pairings[ip] = cidr
				except:
					# RHList.append("InvalidIPWhoIs")
					RHList.append("Invalid")
					self.seen_pairings[ip] = "Invalid"
		if RHList not in srp.received_header_sequences:
			if srp.received_header_sequences:
				bestEditDist = None
				for lst in srp.received_header_sequences:
					ed = editdistance.eval(RHList, lst)
					if bestEditDist == None or bestEditDist > ed:
						bestEditDist = ed
				if bestEditDist > self.EDIT_DISTANCE_THRESHOLD:
					return True
		return False
Exemplo n.º 30
0
def get_cidre_from_lookup(ip, field):
    if ip not in "0.0.0.0":
        obj = IPWhois(ip)
        res=obj.lookup()
        if field == 'range':
            return res['nets'][-1]['range']
        elif field == 'description':
            return res['nets'][-1]['description']
        elif field == 'cidr':
            return res['nets'][-1]['cidr']
        else:
            return None
    else:
        return None
Exemplo n.º 31
0
    def read_asn(self):
        for key in self.new_dict.keys():
            self.new_dict[key]['ASN_m3u8'] = ["NONE"]
            self.new_dict[key]['ASN_childm3'] = ["NONE"]
            self.new_dict[key]['ASN_ts'] = ["NONE"]
            try:
                if "NONE" not in self.new_dict[key]["MainM3U8ip"]:
                    x = self.new_dict[key]['MainM3U8ip']
                    for ip in x:
                        res = IPWhois(ip).lookup_whois()
                        self.new_dict[key]['ASN_m3u8'].append("AS" +
                                                              res['asn'])
                        try:
                            self.new_dict[key][
                                'HOST_m3u8'] = socket.gethostbyaddr(ip)
                        except socket.herror as e:
                            self.new_dict[key][
                                'HOST_m3u8'] = "cant reverse lookup"
                    self.new_dict[key]['ASN_m3u8'].remove('NONE')

                if "NONE" not in self.new_dict[key]["child_m3ips"]:
                    y = self.new_dict[key]['child_m3ips']
                    for ip in y:
                        # print(self.new_dict[key]['child_m3ips'])
                        res1 = IPWhois(ip).lookup_whois()
                        self.new_dict[key]['ASN_childm3'].append("AS" +
                                                                 res1['asn'])

                    self.new_dict[key]['ASN_childm3'].remove('NONE')
                if "NONE" not in self.new_dict[key][".ts ips"]:
                    z = self.new_dict[key]['.ts ips']
                    # print (z)
                    for ip in z:
                        res1 = IPWhois(ip[0]).lookup_whois()
                        self.new_dict[key]['ASN_ts'].append("AS" + res1['asn'])
                    self.new_dict[key]['ASN_ts'].remove('NONE')

            except (ipwhois.exceptions.WhoisRateLimitError,
                    ipwhois.exceptions.WhoisLookupError,
                    ipwhois.exceptions.ASNRegistryError,
                    ipwhois.exceptions.HTTPLookupError) as e:
                self.new_dict[key]['status'] = str(e)
Exemplo n.º 32
0
def whois_hunt(self):
    file = path.exists('Temporary/results.txt')
    if file == True:
        os.remove('Temporary/results.txt')
    else:
        pass
    import definitico  # fare error handling
    getvar = self.Type_an_IP_AddressIPHUNTER.text()
    obj = IPWhois(getvar)  # DATI
    self.res = obj.lookup_whois()  # INFORMAZIONI
    self.formattedres = json.dumps(self.res, indent=2)

    self.label_7.setText(self.formattedres)

    f = open("Temporary/results.txt", "a")
    f.write(
        "\n************************** NMAP SCAN *******************************"
    )

    f.write(str(self.formattedres))
Exemplo n.º 33
0
            def priv_handler(client, actor, recipient, message):
                self.root_logger.debug('privmsggot:' + message + ' from ' +
                                       actor)

                if "!help" in message:
                    self.client.msg(recipient, "Help on it's way...try these:")
                    self.client.msg(
                        recipient,
                        "!quote  --get a quote from my buddy Mos Def")
                    self.client.msg(recipient, "!panic  --panic (or not )")
                    self.client.msg(
                        recipient,
                        "!ipinfo --do a geoip lookup on an ip address")
                    self.client.msg(
                        recipient,
                        "!ipwhois --do a whois lookup on an ip address")

                if "!quote" in message:
                    self.client.msg(recipient, getQuote())

                if "!panic" in message:
                    self.client.msg(recipient, random.choice(panics))

                if '!ipwhois' in message:
                    for field in message.split():
                        if isIP(field):
                            ip = netaddr.IPNetwork(field)[0]
                            if (not ip.is_loopback() and not ip.is_private()
                                    and not ip.is_reserved()):
                                whois = IPWhois(ip).lookup_whois()
                                description = whois['nets'][0]['description']
                                self.client.msg(
                                    recipient, "{0} description: {1}".format(
                                        field, description))
                            else:
                                self.client.msg(
                                    recipient,
                                    "{0}: hrm..loopback? private ip?".format(
                                        field))

                if "!ipinfo" in message:
                    for i in message.split():
                        if isIP(i):
                            ip = netaddr.IPNetwork(i)[0]
                            if (not ip.is_loopback() and not ip.is_private()
                                    and not ip.is_reserved()):
                                self.client.msg(
                                    recipient, "{0} location: {1}".format(
                                        i, ipLocation(i)))
                            else:
                                self.client.msg(
                                    recipient,
                                    "{0}: hrm..loopback? private ip?".format(
                                        i))
Exemplo n.º 34
0
def whoislookup():
    data = raw_input("Enter a domain or IP: ")
    whois_result = pythonwhois.get_whois(data)
    if "raw" in whois_result:
        if "No match" in str(whois_result["raw"][0]):
            print ""
        else:
            print str(whois_result)
    else:
        print ""
    try:
        from warnings import filterwarnings
        filterwarnings(action="ignore")
        from ipwhois import IPWhois
        from pprint import pprint
        obj = IPWhois(data)
        results = obj.lookup_whois(inc_nir=True)
        pprint(results)
    except:
        print ""
Exemplo n.º 35
0
def do_whois(list_of_ips):
    print ("[+] performing whois on all " + str(len(list_of_ips)) + " ip addresses ...")
    results = []
    for ip in list_of_ips:
        if ip == "":
            results.append("<no result>")
            continue
        try:
            obj = IPWhois(ip)
            info = obj.lookup_whois()
            owner = info["nets"][0]["description"]
            owner = owner.strip()
            owner = owner.replace('\n',' ').replace('\r',' ')
            print (owner)
            results.append(owner)
        except:
            results.append("<no result>")
            continue
    #print (results)
    return results
Exemplo n.º 36
0
def get_data(ip):
    try:
        obj = IPWhois(ip)
        results = json.loads(json.dumps(obj.lookup()))['nets'][0]
        owner = results['name'].strip()
        country = results['country'].strip()
        org = get_org(ip)
        server = get_server(ip)
        desc = ' '.join(results['description'].split('\n'))
        text = '%s, %s, %s, %s, %s,%s' % (ip, owner, country, org, server,
                                          desc)
        table.append(text.split(','))
    except requests.exceptions.Timeout:
        msg = 'Timeout - %s' % ip
        exceptions.append(msg)
    except requests.exceptions.ConnectionError:
        msg = 'Connection error - %s' % ip
        exceptions.append(msg)
    except Exception as e:
        exceptions.append(str(e))
Exemplo n.º 37
0
def ip_whois(ip: str) -> str:
    global WHOIS
    if WHOIS is None:
        with open("cache/whois.json") as fp:
            WHOIS = json.load(fp)
    if ip in ['127.0.0.1', '0.0.0.0']:
        return "localhost"
    if ip in WHOIS:
        return WHOIS[ip]
    try:
        obj = IPWhois(ip)
        res = obj.lookup_whois()
        desc = res.get("asn_description")
        WHOIS[ip] = desc
    except Exception as e:
        print(str(e))
        desc = ""
    print(desc)
    # sys.exit()
    return desc
Exemplo n.º 38
0
def FindAbuse(
    NotCheckedURL
):  #main function, that returns abuse email adress for any giver URL
    finalstring = ''

    NotDecyphered = DecypherURL(NotCheckedURL)
    domainName = ShortenURL(NotDecyphered)
    try:
        ipadresss = (socket.gethostbyname(domainName)
                     )  # Getting IP adress for given www
        obj = IPWhois(ipadresss)
        results = obj.lookup_rdap(depth=1)  # getting whois info
        resstring = json.dumps(
            results)  # getting string from results which is a dict
        # print(resstring)           #used for debugging and showing full whois info
        abusemail = FindByString(resstring)
        finalstring = finalstring + abusemail + ' ' + domainName + ' ' + ipadresss
    except socket.error:
        print(domainName + " ERROR_Incorrect_web_adress_given_ERROR")
    return finalstring
Exemplo n.º 39
0
def geowhois(x):
    try:
        obj = IPWhois(x)
        results = obj.lookup_rdap()
        ip = results['query']
        country = results['asn_country_code']
        description = results['asn_description']
        cidr = results['asn_cidr']
        date = results['asn_date']
        holder1['WHOISCOUNTRY'] = country
        holder1['WHOISDESC'] = description
        holder1['WHOISCIDR'] = cidr
        holder1['WHOISDATE'] = date
    except (KeyboardInterrupt):
        sys.exit(1)
    except Exception as e:
        holder1['WHOISCOUNTRY'] = str(e)
        holder1['WHOISDESC'] = 'error'
        holder1['WHOISCIDR'] = 'error'
        holder1['WHOISDATE'] = 'error'
Exemplo n.º 40
0
def whois_ip(self):
    import definitico
    file = path.exists('Temporary/results.txt')
    if file == True:
        os.remove('Temporary/results.txt')
    else:
        pass  # fare error handling

    try:
        getvar = self.Type_an_IP_Address_WHOIS.text()
        obj = IPWhois(getvar)  # DATI
        self.res = obj.lookup_whois()  # INFORMAZIONI
        self.formattedres = json.dumps(self.res, indent=2)

        self.output_whois.setText(self.formattedres)

        f = open("Temporary/results.txt", "a")
        f.write(str(self.formattedres))
    except ValueError:
        self.output_whois.setText("Value error: Please try again")
Exemplo n.º 41
0
def getWhois(ipaddress):
    try:
        whois = dict()
        ip = netaddr.IPNetwork(ipaddress)[0]
        if (not ip.is_loopback() and not ip.is_private() and not ip.is_reserved()):
            whois = IPWhois(netaddr.IPNetwork(ipaddress)[0]).lookup_whois()

        whois['fqdn']=socket.getfqdn(str(netaddr.IPNetwork(ipaddress)[0]))
        return (json.dumps(whois))
    except Exception as e:
        sys.stderr.write('Error looking up whois for {0}: {1}\n'.format(ipaddress, e))
Exemplo n.º 42
0
 def whois(self, dom: Domain, interactive: bool, verbose: bool) -> int:
     """Scrape WHOIS data for the org or asn_description."""
     # Make sure we have Ip addresses to check
     try:
         if len(dom.ip) <= 0:
             raise NoIPaddress
     except NoIPaddress:
         return 1
     # Define temp list to assign
     whois_data = []
     # Iterate through all the IP addresses in object
     for ip in dom.ip:
         try:
             response = IPWhois(ip)
             # These two should be where we can find substrings hinting to CDN
             try:
                 org = response.lookup_whois()["asn_description"]
                 if org != "BAREFRUIT-ERRORHANDLING":
                     whois_data.append(org)
             except AttributeError:
                 pass
             try:
                 org = response.lookup_rdap()["network"]["name"]
                 if org != "BAREFRUIT-ERRORHANDLING":
                     whois_data.append(org)
             except AttributeError:
                 pass
         except HTTPLookupError:
             pass
         except IPDefinedError:
             pass
         except ASNRegistryError:
             pass
         except Exception as e:
             if interactive or verbose:
                 print(f"[{e}]: {dom.url} for {ip}")
     for data in whois_data:
         if data not in dom.whois_data:
             dom.whois_data.append(data)
     # Everything was successful
     return 0
Exemplo n.º 43
0
def get_whois_info(ip_str: str,
                   show_progress: bool = False) -> Tuple[str, dict]:
    """
    Retrieve whois ASN information for given IP address using IPWhois python package.

    Parameters
    ----------
    ip_str : str
        IP Address to look up.
    show_progress : bool, optional
        Show progress for each query, by default False

    Returns
    -------
    IP
        Details of the IP data collected

    Notes
    -----
    This function uses the Python functools lru_cache and
    will return answers from the cache for previously queried
    IP addresses.

    """
    ip_type = get_ip_type(ip_str)
    if ip_type == "Public":
        try:
            whois = IPWhois(ip_str)
            whois_result = whois.lookup_whois()
            if show_progress:
                print(".", end="")
            return whois_result["asn_description"], whois_result
        except (
                HTTPLookupError,
                HTTPRateLimitError,
                HostLookupError,
                WhoisLookupError,
                WhoisRateLimitError,
        ) as err:
            return f"Error during lookup of {ip_str} {type(err)}", {}
    return f"No ASN Information for IP type: {ip_type}", {}
Exemplo n.º 44
0
def lookup_ip(ipaddr):
    global recorded_ipmeta, total_ipmeta
    if not ipaddr in dic_ip:
        dic_ip[ipaddr] = {}
        dic_ip[ipaddr]['as_description'] = ''
        dic_ip[ipaddr]['as_id'] = ''
        dic_ip[ipaddr]['as_country_code'] = ''
        dic_ip[ipaddr]['domain'] = ''
        total_ipmeta = total_ipmeta + 1
        try:
            obj = IPWhois(str(ipaddr), timeout=1)
            results = obj.lookup_rdap(depth=1, rate_limit_timeout=60)
            dic_ip[ipaddr]['as_description'] = str(
                results['asn_description']).strip()
            dic_ip[ipaddr]['as_id'] = str(results['asn']).strip()
            dic_ip[ipaddr]['as_country_code'] = str(
                results['asn_country_code']).strip()
            completed_proc = subprocess.run(
                ['host', '-W', '1', str(ipaddr)], stdout=subprocess.PIPE)
            domain_res = str(
                completed_proc.stdout.decode('utf-8')).rstrip().lower()
            # print(domain_res)
            if 'not found' in domain_res or 'timed out' in domain_res or 'no PTR record' in domain_res:
                dic_ip[ipaddr]['domain'] = 'unknown'
            else:
                dic_ip[ipaddr]['domain'] = domain_res.split(' ')[-1]
                recorded_ipmeta = recorded_ipmeta + 1
        except Exception:
            dic_ip[ipaddr]['as_description'] = ''
            dic_ip[ipaddr]['as_id'] = ''
            if (dic_ip[ipaddr]['domain'] == ''):
                dic_ip[ipaddr]['domain'] = 'unknown'
        # cache ipmeta
        if (len(dic_ip) % 30 == 0):
            print('[cached ip_meta] recorded ratio=%d/%d' %
                  (recorded_ipmeta, len(dic_ip)))
            ipinfo_file = open('./ipmeta.txt', 'w')
            ipinfo_dump = json.dumps(dic_ip)
            ipinfo_file.write(ipinfo_dump)
            ipinfo_file.close()
    return dic_ip[ipaddr]
Exemplo n.º 45
0
 def _do(ip_, whois_ttl):
     data = {}
     if not HAS_IPWHOIS:
         return data
     try:
         wreg = __salt__[
             'mc_macros.get_local_registry'](
                 'whois_data', registry_format='pack')
         if ip in wreg:
             if time.time() >= wreg[ip]['t'] + whois_ttl:
                 del wreg[ip]
         data = wreg.get(ip, {}).get('data', {})
         if not data:
             data = IPWhois(ip).lookup()
         cdata = wreg.setdefault(ip, {})
         cdata.setdefault('t', time.time())
         cdata.setdefault('data', data)
         search_data = {'ovh': ['ovh', 'sys'],
                        'phpnet': ['phpnet'],
                        'online': ['proxad',
                                   'illiad',
                                   'iliad']}
         search_data['sys'] = search_data['ovh']
         for provider, search_terms in search_data.items():
             for i in search_terms:
                 for j in data.get('nets', []):
                     for k, val in j.items():
                         if k in ['abuse_emails',
                                  'description',
                                  'handle',
                                  'name']:
                             if val and i in val.lower():
                                 data['is_{0}'.format(provider)] = True
                                 break
         __salt__['mc_macros.update_local_registry'](
             'whois_data', wreg,
             registry_format='pack')
     except Exception:
         log.error(traceback.format_exc())
         data = {}
     return data
Exemplo n.º 46
0
def get_cidr_info(ip_address):

    for p in private_subnets:
        if ip_address in p:
            return str(p), 'Non-Public Subnet'

    try:
        res = IPWhois(ip_address).lookup_whois(get_referral=True)
    except Exception:
        try:
            res = IPWhois(ip_address).lookup_whois()
        except Exception as e:
            display_error("Error trying to resolve whois: {}".format(e))
            res = {}
    if not res.get('nets', []):

        display_warning(
            "The networks didn't populate from whois. Defaulting to a /24.")
        # again = raw_input("Would you like to try again? [Y/n]").lower()
        # if again == 'y':
        #     time.sleep(5)
        # else:

        return '{}.0/24'.format('.'.join(
            ip_address.split('.')[:3])), "Whois failed to resolve."

    cidr_data = []

    for net in res['nets']:
        for cd in net['cidr'].split(', '):

            cidr_data.append([
                len(IPNetwork(cd)), cd,
                net['description'] if net['description'] else ""
            ])
    try:
        cidr_data.sort()
    except Exception as e:
        display_error("Error occured: {}".format(e))
        pdb.set_trace()
    return cidr_data[0][1], cidr_data[0][2]
Exemplo n.º 47
0
def _whois_ip(ip):
    result = {}
    obj = None
    try:
        obj = IPWhois(ip)
        result = obj.lookup_whois(inc_raw=False)
        logging.debug(result["nets"])
    except Exception as e:
        logging.debug(e)
        result["error"] = str(e)
        result["query"] = str(ip)

    if result:
        result["reverse"] = None
        try:
            rev = obj.net.get_host()
        except Exception as e:
            logging.debug(e)
            #result["reverse"] = str(e)

    return result
Exemplo n.º 48
0
    def get_ip_info(self, ip):
        """
        Retrieves pertinent fields from IP WHOIS information
        """
        cached_info = self.get_cache(ip)

        if len(cached_info) == 0:
            try:
                request = IPWhois(ip)
                result = request.lookup_rdap(depth=1)
                cidr = result['asn_cidr']
                country = result['asn_country_code']
                self.set_cache(ip, cidr, country)
            except Exception:
                cidr = ''
                country = ''
        else:
            cidr = cached_info[0][0]
            country = cached_info[0][1]

        return {'cidr': cidr, 'country_code': country}
Exemplo n.º 49
0
def lookup(ip, rdap=False):
    obj = IPWhois(ip)
    if rdap:
        return obj.lookup_rdap(asn_methods=['dns', 'whois', 'http'])
    else:
        try:
            field_list = [
                'name', 'cidr', 'handle', 'description', 'country', 'state',
                'city', 'address', 'postal_code', 'emails', 'created',
                'updated'
            ]
            ret = obj.lookup_whois(get_referral=True,
                                   get_recursive=False,
                                   asn_methods=['dns', 'whois', 'http'],
                                   field_list=field_list)
        except WhoisLookupError:
            ret = obj.lookup_whois(asn_methods=['dns', 'whois', 'http'])
        # remove some fields that clutter
        for x in ['raw', 'raw_referral']:
            ret.pop(x, None)
        return ret
Exemplo n.º 50
0
    def run_rdap(self, ip_address):
        """Perform an RDAP lookup for an IP address. An RDAP lookup object is returned.

        From IPWhois: IPWhois.lookup_rdap() is now the recommended lookup method. RDAP provides
        a far better data structure than legacy whois and REST lookups (previous implementation).
        RDAP queries allow for parsing of contact information and details for users, organizations,
        and groups. RDAP also provides more detailed network information.
        """
        try:
            with warnings.catch_warnings():
                # Hide the 'allow_permutations has been deprecated' warning until ipwhois removes it
                warnings.filterwarnings("ignore", category=UserWarning)
                rdapwho = IPWhois(ip_address)
                results = rdapwho.lookup_rdap(depth=1)

            return results
        except Exception as error:
            print(
                red("[!] Failed to collect RDAP information for {}!").format(
                    ip_address))
            print(red("L.. Details: {}".format(error)))
Exemplo n.º 51
0
def get_names(ip_address):
    obj = IPWhois(ip_address)
    results = obj.lookup_rdap(depth=0, inc_nir=False, asn_methods=['whois'])
    resulting_objects = results['objects']

    names = []
    for item in resulting_objects:
        if 'contact' not in resulting_objects[item]:
            continue

        if 'address' not in resulting_objects[item]['contact']:
            continue

        if resulting_objects[item]['contact']['address'] is None:
            continue

        for address in resulting_objects[item]['contact']['address']:
            if address['value'] is not None:
                names.append(address['value'])

    return names
Exemplo n.º 52
0
def domain_whois(domain):
    try:
        ip_addr = domaintoip(domain)
        data = IPWhois(ip_addr)
        out = data.lookup()
        city_data = out["nets"][0]['city']
        country_data = out["nets"][0]['country']
        description_data = out["nets"][0]['description']
        emails_data = out["nets"][0]['emails']
        name_data = out["nets"][0]['name']
        range_data = out["nets"][0]['range']
        state_data = out["nets"][0]['range']

        out_email = ("".join(map(str, emails_data)))

        save_data = whoisinfo_db(ip=(ip_addr), sh_domain=(domain), city=(city_data), country=(country_data),
                                 description=(description_data), emails=(out_email), name=(name_data),
                                 range=(range_data), state=(state_data))
        save_data.save()
    except Exception as error:
        print error
Exemplo n.º 53
0
def get_rdap_registry_info(ip_input, rdap_depth):
    """Gathers registry info in RDAP protocol

    Arguments:
        ip_input {string} -- Artifact.value
        rdap_depth {int} -- 0,1 or 2

    Returns:
        {object} -- Registry info, RDAP Protocol
    """
    try:
        internet_protocol_address_object = IPWhois(ip_input,allow_permutations=True)
        try:
            rdap_response = internet_protocol_address_object.lookup_rdap(rdap_depth)
            if internet_protocol_address_object.dns_zone:
                rdap_response["dns_zone"] = internet_protocol_address_object.dns_zone
            return rdap_response
        except exceptions.ASNRegistryError as e:
            logging.error(traceback.format_exc())
    except:
        logging.error(traceback.format_exc())
Exemplo n.º 54
0
def count_countries(conn):
    countries = {}
    netstat = IPWhois(str(conn.raddr[0])).lookup_whois()
    jsonOut = json.dumps(netstat, indent=4)
    country = netstat["nets"][0]["country"]

    if country in countries:
        countries[country] += 1
    else:
        countries[country] = 1

    return countries
Exemplo n.º 55
0
def do_whois_lookup(ip_address):
    """
    Do the whois lookup for given IP address.
    :param ip_address: IP address to be whois-looked up.
    :return: Response object for the lookup.
    """
    logging.info("performing whois lookup for %s", ip_address)

    try:
        return IPWhois(ip_address).lookup_whois()
    except IpwhoisException:
        logging.exception("IP whois lookup failed for %s", ip_address)
Exemplo n.º 56
0
def __lookup_ip(normed_ip: str) -> str:
    try:
        who = IPWhois(normed_ip).lookup_rdap()
        cidr = who["network"]["cidr"]
        asn_cidr = who["asn_cidr"]
        return cidr if cidr == asn_cidr else (cidr + ' ' + asn_cidr)
    except (urllib.error.HTTPError, exceptions.HTTPLookupError,
            exceptions.IPDefinedError, ASNRegistryError) as ex:
        LOGGER.warning("IP Lookup for %s fail", normed_ip)
        LOGGER.warning("return ip instead of network")
        LOGGER.debug(ex)
        return normed_ip
Exemplo n.º 57
0
def get_city_by_ip(request):
    return DEFAULT_CITY
    try:
        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
        if x_forwarded_for:
            ip = x_forwarded_for.split(',')[0]
        else:
            ip = request.META.get('REMOTE_ADDR')
        result = IPWhois(ip).lookup()
    except IndexError:
        return DEFAULT_CITY
    return DEFAULT_CITY
Exemplo n.º 58
0
    def execute(self, quals, columns):
        intrusion_set_list = []
        conn_string = _conn_string
        query = "MATCH (a:ioc) WHERE a.type=\'ip\' AND a.value <> \'-\' AND a.value <> \'\' " \
                "AND a.value <> \'0.0.0.0\' AND a.value <> \'10.10.10.1\' RETURN DISTINCT a.value AS ip_value"

        try:
            conn = ag.connect(conn_string)
            cur = conn.cursor()

            cur.execute(query)
            while True:
                records = cur.fetchall()
                if not records:
                    break

                for i in range(0, len(records)):
                    line = dict()
                    indicator_ip = records[i][0]
                    obj = IPWhois(indicator_ip)
                    try:
                        res = obj.lookup_rdap(asn_methods=['whois', 'dns'])
                    except:
                        continue
                    for column_name in self.columns:
                        if (column_name == 'ip'):
                            line[column_name] = indicator_ip
                        elif (column_name == 'asn'):
                            line[column_name] = res['asn']
                        elif (column_name == 'country_code'):
                            line[column_name] = res['asn_country_code']
                        elif (column_name == 'date'):
                            line[column_name] = res['asn_date']
                        elif (column_name == 'description'):
                            line[column_name] = res['asn_description']
                        elif (column_name == 'registry'):
                            line[column_name] = res['asn_registry']
                    yield line
        except Exception, e:
            log_to_postgres(e)
Exemplo n.º 59
0
    def _whois(self, _type, target=None):
        """ perform whois on domain or ipv4 addr """

        res = []
        try:
            if target:
                if _type == 'domain':
                    res.append(whois.whois(target))
                else:
                    obj = IPWhois(target)
                    res.append(obj.lookup_rdap(depth=1))
            else:
                if _type == 'domain':
                    log = self._read_log('domainname')
                else:
                    log = self._read_log('ipv4addr')
                for target in log:
                    if target:
                        if _type == 'domain':
                            res.append(whois.whois(target))
                        else:
                            obj = IPWhois(target)
                            res.append(obj.lookup_rdap(depth=1))
        except:
            pass

        return res
    def orgGroups(self, sender, mID):
        # import pdb; pdb.set_trace()
        try:
            newmID = "www." + mID
            afterAT = "www." + sender[sender.index("@") + 1:]

            if newmID in self.domainCompanyPairing.keys():
                res1 = self.domainCompanyPairing[newmID]
            else:
                ip1 = socket.gethostbyname(newmID)
                obj1 = IPWhois(ip1)
                res1 = obj1.lookup(get_referral=True)['nets'][0]['name']
                self.domainCompanyPairing[newmID] = res1

            if afterAT in self.domainCompanyPairing.keys():
                res2 = self.domainCompanyPairing[afterAT]
            else:
                ip2 = socket.gethostbyname(afterAT)
                obj2 = IPWhois(ip2)
                res2 = obj2.lookup(get_referral=True)['nets'][0]['name']
                self.domainCompanyPairing[afterAT] = res2

            if res1 == res2:
                return True
            return False
        except:
            return False