def main(ip):
obj = IPWhois(ip)
try:
results = obj.lookup_rdap(depth=1)
except:
results = None
return results
def check_addr_type(addr, addr_dict):
if addr != local and not any([pattern.match(addr) for pattern in pattern_list]):
obj = IPWhois(addr)
results = obj.lookup()
domain = results['nets'][0]['name']
if domain is not None:
addr_dict[addr] = domain
def test_lookup(self):
ips = [
'74.125.225.229', # ARIN
'2001:4860:4860::8888',
'62.239.237.1', # RIPE
'2a00:2381:ffff::1',
'210.107.73.73', # APNIC
'2001:240:10c:1::ca20:9d1d',
'200.57.141.161', # LACNIC
'2801:10:c000::',
'196.11.240.215', # AFRINIC
'2001:43f8:7b0::'
]
for ip in ips:
result = IPWhois(ip)
try:
self.assertIsInstance(result.lookup(), dict)
except (ASNLookupError, ASNRegistryError, WhoisLookupError):
pass
except AssertionError as e:
raise e
except Exception as e:
self.fail('Unexpected exception raised: %r' % e)
def orgGroups(self, sender, mID):
# import pdb; pdb.set_trace()
try:
newmID = "www." + mID
afterAT = "www." + sender[sender.index("@")+1:]
if newmID in self.domainCompanyPairing.keys():
res1 = self.domainCompanyPairing[newmID]
else:
ip1 = socket.gethostbyname(newmID)
obj1 = IPWhois(ip1)
res1 = obj1.lookup(get_referral=True)['nets'][0]['name']
self.domainCompanyPairing[newmID] = res1
if afterAT in self.domainCompanyPairing.keys():
res2 = self.domainCompanyPairing[afterAT]
else:
ip2 = socket.gethostbyname(afterAT)
obj2 = IPWhois(ip2)
res2 = obj2.lookup(get_referral=True)['nets'][0]['name']
self.domainCompanyPairing[afterAT] = res2
if res1 == res2:
return True
return False
except:
return False
def get_remote_whos(url):
try:
obj = IPWhois(DomainCheck.get_remote_IP(url))
results = obj.lookup_rdap(depth=1)
pprint(results)
except socket.error:
print("Error no connection .. WHOS")
def cmd_whois_ip(ip):
"""Simple whois client to check IP addresses (IPv4 and IPv6).
Example:
\b
$ habu.whois.ip 8.8.8.8
{
"nir": null,
"asn_registry": "arin",
"asn": "15169",
"asn_cidr": "8.8.8.0/24",
"asn_country_code": "US",
"asn_date": "1992-12-01",
"asn_description": "GOOGLE - Google LLC, US",
"query": "8.8.8.8",
...
"""
warnings.filterwarnings("ignore")
obj = IPWhois(ip)
data = obj.lookup_rdap()
print(json.dumps(data, indent=4))
def _whois(ip_pk):
ip = IPv4Whois.objects.get(pk=ip_pk)
ip.status = IPv4Whois.STATUS_LOOKING_UP_WHOIS
ip.save()
obj = IPWhois(ip.address, timeout=9)
try:
results = obj.lookup_rdap()
except Exception as exc:
ip.status = IPv4Whois.STATUS_LOOKUP_WHOIS_FAILED
ip.save()
raise exc
ip.whois = json.dumps(results)
ip.status = IPv4Whois.STATUS_LOOKUP_WHOIS_SUCCESS
ip.save()
kafka_msg = {
'IP': ip.address,
'Whois': results,
'Host': settings.EXTERNAL_IP,
'Timestamp': datetime.utcnow().isoformat(),
}
send_to_kafka('results', kafka_msg)
def getCIDR(cls, ip):
if Lookup.offline:
Lookup.cidr_tot += 1
for cidr in Lookup.seen_pairings_keys:
ip_bin = getBinaryRep(ip, cidr)
if ip_bin in Lookup.seen_pairings[cidr]:
Lookup.cidr_hit += 1
return ip_bin
return getBinaryRep(ip, 32)
else:
Lookup.cidr_tot += 1
try:
if ip in Lookup.seen_pairings:
Lookup.cidr_hit += 1
return Lookup.seen_pairings[ip]
else:
obj = IPWhois(ip)
results = obj.lookup()
if "nets" not in results.keys() or "cidr" not in results["nets"][0].keys():
cidr = ip + "/32"
else:
cidr = results["nets"][0]["cidr"]
Lookup.seen_pairings[ip] = cidr
if cidr:
Lookup.cidr_hit += 1
return cidr
except:
Lookup.seen_pairings[ip] = "Invalid"
return "Invalid"
def set(self,pagenum,kw):
try:
url = 'http://www.ebay.com/sch/i.html?_from=R40&_sacat=0&LH_Complete=1&LH_Sold=1&LH_ItemCondition=3&_nkw=' + kw + '&_pgn=' + str(pagenum) + '&_ipg=200&rt=nc&_dmd=1'
if len(self.proxies) > 0:
countries = get_countries()
obj = IPWhois(self.proxies[0].split(':')[0])
results = obj.lookup(False)
if countries[results['nets'][0]['country']] == "United States":
if self.getfile(url,self.proxies[0],".ht") == "error":
print("Switching Proxy")
self.proxies.pop(0)
self.set(pagenum,kw)
else:
print(self.proxies[0])
else:
print(countries[results['nets'][0]['country']])
print("Non-US IP " + self.proxies[0].split(':')[0] + ": Switching Proxy")
self.proxies.pop(0)
self.set(pagenum,kw)
else:
print("No Proxies in Queue")
except Exception as e:
print(str(e))
def test_lookup_rws(self):
try:
from urllib.request import ProxyHandler, build_opener
except ImportError:
from urllib2 import ProxyHandler, build_opener
ips = [
'74.125.225.229', # ARIN
'2001:4860:4860::8888',
'62.239.237.1', # RIPE
'2a00:2381:ffff::1',
'210.107.73.73', # APNIC
'2001:240:10c:1::ca20:9d1d',
'200.57.141.161', # LACNIC
'2801:10:c000::',
'196.11.240.215', # AFRINIC
'2001:43f8:7b0::'
]
for ip in ips:
result = IPWhois(ip)
try:
self.assertIsInstance(result.lookup_rws(), dict)
except (ASNLookupError, ASNRegistryError, WhoisLookupError):
pass
except AssertionError as e:
raise e
except Exception as e:
self.fail('Unexpected exception raised: %r' % e)
handler = ProxyHandler({'http': 'http://0.0.0.0:80/'})
opener = build_opener(handler)
result = IPWhois('74.125.225.229', 0, opener)
self.assertRaises(WhoisLookupError, result.lookup_rws)
def whois(ip):
try:
obj = IPWhois(ip)
response = obj.lookup()
except ipwhois.exceptions.WhoisLookupError:
return None
return response
def geoinfo(self):
try:
data = IPWhois(self.ip)
return data.lookup(False)['nets'][0]
except:
#raise
return None
def performWhoIs(IP):
print()
print(timeStamp() + "* Performing WHOIS on " + IP)
obj = IPWhois(IP)
res = obj.lookup_whois()
print(timeStamp() + "- WHOIS name: " + res["nets"][0]['name'])
print(timeStamp() + "- WHOIS CIDR: " + res['asn_cidr'])
print(timeStamp() + "- More info at http://who.is/whois-ip/ip-address/" + IP)
def getIPandWhoIsData(self,url):
try:
ip=socket.gethostbyname(url);
obj=IPWhois(ip);
whoIsDict=obj.lookup();
whoIsDict['resolved_IP']=ip;
return {url : whoIsDict};
except Exception:
return dict();
def queryIP(self,ip):
try:
self.result['type'] = 'ip'
self.result['keyword'] = ip
self.ip = ip
ipwhois = IPWhois(self.ip)
self.result['whois'] = ipwhois.lookup()
except Exception as e:
self.result['exceptions'].append(e)
return self
def test_get_host(self):
result = IPWhois('74.125.225.229')
try:
self.assertIsInstance(result.get_host(), tuple)
except HostLookupError:
pass
except AssertionError as e:
raise e
except Exception as e:
self.fail('Unexpected exception raised: %r' % e)
def test_get_asn_whois(self):
result = IPWhois('74.125.225.229')
try:
self.assertIsInstance(result.get_asn_whois(), dict)
except (ASNLookupError, ASNRegistryError):
pass
except AssertionError as e:
raise e
except Exception as e:
self.fail('Unexpected exception raised: %r' % e)
def get_ipwhois(self, depth=1):
# Perform the RDAP lookup for self.addr retrieving all
# entities up to depth.
obj = IPWhois(self.addr)
ret = obj.lookup_rdap(depth=depth)
# Set the updated timestamp for cache expiration.
ret['updated'] = datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ')
return ret
def lookup(ip, rdap=False):
obj = IPWhois(ip)
if rdap:
# TODO: RDAP output includes less relevant info, needs a dedicated formatter
return obj.lookup_rdap()
else:
ret = obj.lookup_whois()
# remove some fields that clutter
for x in ['raw', 'raw_referral', 'referral']:
ret.pop(x, None)
return ret
def sitebilgilerinibul(site):
ip = socket.gethostbyname(site)
obje = IPWhois(ip)
obj = obje.lookup_whois()
eposta = obj["nets"][0]['emails']
desc = obj["nets"][0]['description']
print "Site\t: ", site, "\n"
print "IP adresi\t: ", ip
print "\nAçıklama\t: ", desc
print "\nEmails\t: \n"
print email
def resolveDomainIpwhois(dom):
print "... ipwhois"
i = 0
while(i < len(dom['ipaddr'])):
time.sleep(1)
ip_whois = IPWhois( dom['ipaddr'][i]['ipaddr'] )
dom['ipaddr'][i]['whois'] = ip_whois.lookup()
pprint(dom['ipaddr'][i]['whois'])
i += 1
def run(self):
try:
ip_whois = IPWhois(self._dst_ip)
raw_res = ip_whois.lookup()
res = []
for k,v in raw_res.iteritems():
if not v is None:
res.append("%s: %s" % (k,v))
return ",".join(res)
except Exception, e:
return ""
def test_get_rws(self):
from ipwhois.ipwhois import NIC_WHOIS
result = IPWhois('74.125.225.229')
try:
self.assertIsInstance(result.get_rws(NIC_WHOIS['arin']['url'].format('74.125.225.229')), dict)
except WhoisLookupError:
pass
except AssertionError as e:
raise e
except Exception as e:
self.fail('Unexpected exception raised: %r' % e)
def check_ip(ip):
from app.models.models import Ip
ip_inst = db_session.session.query(Ip).get(ip)
if ip_inst:
return ip_inst
ip_data = IPWhois(ip).lookup()
ip_inst = Ip(ip=ip,
provider_id=_get_provider(ip_data.get('asn')),
country_id=ip_data['nets'][0]['country'],
description=ip_data['nets'][0]['description'])
db_session.session.add(ip_inst)
return ip_inst
def extract_whois(self, ip): # extract whois description
try:
if re.match(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', ip): # only IPs
w = IPWhois(ip, timeout=5) # timeout 5
res = w.lookup_whois(retry_count=2) # legacy whois / retries 2
descr = res["nets"][0]['description']
if self.options.verbose:
print"[Verbose] - Resolving:", ip
else:
descr = None
except:
descr = None
return descr
def check_site_hosting(url):
urlbreakdown = urlparse.urlparse(url);
netlocation = urlbreakdown.netloc;
#urlcentre = url.split("://")[1].strip("/");
if netlocation[-12:] == "crowdmap.com":
owner = "crowdmap"
else:
ipaddress = socket.gethostbyname(netlocation);
#response = os.system("ping -c 1 " + ipaddress); #0 = site's up and okay
obj = IPWhois(ipaddress);
res=obj.lookup();
owner = res['nets'][0]['description'];
return(owner)
def gather(self, all_ips):
for path, incoming_ip_obj in all_ips.iteritems():
if incoming_ip_obj[0].ip_whois == "":
try:
print "Gathering whois information about " + incoming_ip_obj[0].ip_address
ip_whois = IPWhois(incoming_ip_obj[0].ip_address)
incoming_ip_obj[0].ip_whois = ip_whois.lookup()
except IPDefinedError:
print helpers.color("[*] Error: Private IP address, skipping IP!", warning=True)
return
def analyze(ip, results):
links = set()
r = IPWhois(ip.value)
result = r.lookup_whois()
results.update(raw=pformat(result))
# Let's focus on the most specific information
# Which should be in the smallest subnet
n = 0
smallest_subnet = None
for network in result['nets']:
cidr_bits = int(network['cidr'].split('/')[1].split(',')[0])
if cidr_bits > n:
n = cidr_bits
smallest_subnet = network
if smallest_subnet:
# Create the company
company = Company.get_or_create(
name=smallest_subnet['description'].split("\n")[0])
links.update(ip.active_link_to(company, 'hosting', 'Network Whois'))
# Link it to every email address referenced
if smallest_subnet['emails']:
for email_address in smallest_subnet['emails']:
email = Email.get_or_create(value=email_address)
links.update(company.link_to(email, None, 'Network Whois'))
# Copy the subnet info into the main dict
for key in smallest_subnet:
if smallest_subnet[key]:
result["net_{}".format(key)] = smallest_subnet[key]
# Add the network whois to the context if not already present
for context in ip.context:
if context['source'] == 'network_whois':
break
else:
# Remove the nets info (the main one was copied)
result.pop("nets", None)
result.pop("raw", None)
result.pop("raw_referral", None)
result.pop("referral", None)
result.pop("query", None)
result['source'] = 'network_whois'
ip.add_context(result)
return list(links)
def classify(self, phish):
RHList = []
sender = extract_email(phish, "From")
receiver = extract_email(phish, "To")
if (sender, receiver) not in self.srp:
return False
srp = self.srp[(sender, receiver)]
if phish.get_all("Received"):
for recHeader in phish.get_all("Received"):
recHeader = ReceivedHeader(recHeader)
if not "from" in recHeader.breakdown.keys():
RHList.append("None")
continue
elif self.public_domain(recHeader.breakdown["from"]):
ip = self.public_domain(recHeader.breakdown["from"])
elif self.public_IP(recHeader.breakdown["from"]):
ip = self.public_IP(recHeader.breakdown["from"])
else:
# RHList.append("InvalidFrom")
RHList.append("Invalid")
continue
try:
# import pdb; pdb.set_trace()
if ip in self.seen_pairings.keys():
RHList.append(self.seen_pairings[ip])
else:
obj = IPWhois(ip)
results = obj.lookup()
if "nets" not in results.keys() or "cidr" not in results["nets"][0].keys():
cidr = ip + "/32"
else:
cidr = results["nets"][0]["cidr"]
RHList.append(cidr)
self.seen_pairings[ip] = cidr
except:
# RHList.append("InvalidIPWhoIs")
RHList.append("Invalid")
self.seen_pairings[ip] = "Invalid"
if RHList not in srp.received_header_sequences:
if srp.received_header_sequences:
bestEditDist = None
for lst in srp.received_header_sequences:
ed = editdistance.eval(RHList, lst)
if bestEditDist == None or bestEditDist > ed:
bestEditDist = ed
if bestEditDist > self.EDIT_DISTANCE_THRESHOLD:
return True
return False
def get_cidre_from_lookup(ip, field):
if ip not in "0.0.0.0":
obj = IPWhois(ip)
res=obj.lookup()
if field == 'range':
return res['nets'][-1]['range']
elif field == 'description':
return res['nets'][-1]['description']
elif field == 'cidr':
return res['nets'][-1]['cidr']
else:
return None
else:
return None
def read_asn(self):
for key in self.new_dict.keys():
self.new_dict[key]['ASN_m3u8'] = ["NONE"]
self.new_dict[key]['ASN_childm3'] = ["NONE"]
self.new_dict[key]['ASN_ts'] = ["NONE"]
try:
if "NONE" not in self.new_dict[key]["MainM3U8ip"]:
x = self.new_dict[key]['MainM3U8ip']
for ip in x:
res = IPWhois(ip).lookup_whois()
self.new_dict[key]['ASN_m3u8'].append("AS" +
res['asn'])
try:
self.new_dict[key][
'HOST_m3u8'] = socket.gethostbyaddr(ip)
except socket.herror as e:
self.new_dict[key][
'HOST_m3u8'] = "cant reverse lookup"
self.new_dict[key]['ASN_m3u8'].remove('NONE')
if "NONE" not in self.new_dict[key]["child_m3ips"]:
y = self.new_dict[key]['child_m3ips']
for ip in y:
# print(self.new_dict[key]['child_m3ips'])
res1 = IPWhois(ip).lookup_whois()
self.new_dict[key]['ASN_childm3'].append("AS" +
res1['asn'])
self.new_dict[key]['ASN_childm3'].remove('NONE')
if "NONE" not in self.new_dict[key][".ts ips"]:
z = self.new_dict[key]['.ts ips']
# print (z)
for ip in z:
res1 = IPWhois(ip[0]).lookup_whois()
self.new_dict[key]['ASN_ts'].append("AS" + res1['asn'])
self.new_dict[key]['ASN_ts'].remove('NONE')
except (ipwhois.exceptions.WhoisRateLimitError,
ipwhois.exceptions.WhoisLookupError,
ipwhois.exceptions.ASNRegistryError,
ipwhois.exceptions.HTTPLookupError) as e:
self.new_dict[key]['status'] = str(e)
def whois_hunt(self):
file = path.exists('Temporary/results.txt')
if file == True:
os.remove('Temporary/results.txt')
else:
pass
import definitico # fare error handling
getvar = self.Type_an_IP_AddressIPHUNTER.text()
obj = IPWhois(getvar) # DATI
self.res = obj.lookup_whois() # INFORMAZIONI
self.formattedres = json.dumps(self.res, indent=2)
self.label_7.setText(self.formattedres)
f = open("Temporary/results.txt", "a")
f.write(
"\n************************** NMAP SCAN *******************************"
)
f.write(str(self.formattedres))
def priv_handler(client, actor, recipient, message):
self.root_logger.debug('privmsggot:' + message + ' from ' +
actor)
if "!help" in message:
self.client.msg(recipient, "Help on it's way...try these:")
self.client.msg(
recipient,
"!quote --get a quote from my buddy Mos Def")
self.client.msg(recipient, "!panic --panic (or not )")
self.client.msg(
recipient,
"!ipinfo --do a geoip lookup on an ip address")
self.client.msg(
recipient,
"!ipwhois --do a whois lookup on an ip address")
if "!quote" in message:
self.client.msg(recipient, getQuote())
if "!panic" in message:
self.client.msg(recipient, random.choice(panics))
if '!ipwhois' in message:
for field in message.split():
if isIP(field):
ip = netaddr.IPNetwork(field)[0]
if (not ip.is_loopback() and not ip.is_private()
and not ip.is_reserved()):
whois = IPWhois(ip).lookup_whois()
description = whois['nets'][0]['description']
self.client.msg(
recipient, "{0} description: {1}".format(
field, description))
else:
self.client.msg(
recipient,
"{0}: hrm..loopback? private ip?".format(
field))
if "!ipinfo" in message:
for i in message.split():
if isIP(i):
ip = netaddr.IPNetwork(i)[0]
if (not ip.is_loopback() and not ip.is_private()
and not ip.is_reserved()):
self.client.msg(
recipient, "{0} location: {1}".format(
i, ipLocation(i)))
else:
self.client.msg(
recipient,
"{0}: hrm..loopback? private ip?".format(
i))
def whoislookup():
data = raw_input("Enter a domain or IP: ")
whois_result = pythonwhois.get_whois(data)
if "raw" in whois_result:
if "No match" in str(whois_result["raw"][0]):
print ""
else:
print str(whois_result)
else:
print ""
try:
from warnings import filterwarnings
filterwarnings(action="ignore")
from ipwhois import IPWhois
from pprint import pprint
obj = IPWhois(data)
results = obj.lookup_whois(inc_nir=True)
pprint(results)
except:
print ""
def do_whois(list_of_ips):
print ("[+] performing whois on all " + str(len(list_of_ips)) + " ip addresses ...")
results = []
for ip in list_of_ips:
if ip == "":
results.append("<no result>")
continue
try:
obj = IPWhois(ip)
info = obj.lookup_whois()
owner = info["nets"][0]["description"]
owner = owner.strip()
owner = owner.replace('\n',' ').replace('\r',' ')
print (owner)
results.append(owner)
except:
results.append("<no result>")
continue
#print (results)
return results
def get_data(ip):
try:
obj = IPWhois(ip)
results = json.loads(json.dumps(obj.lookup()))['nets'][0]
owner = results['name'].strip()
country = results['country'].strip()
org = get_org(ip)
server = get_server(ip)
desc = ' '.join(results['description'].split('\n'))
text = '%s, %s, %s, %s, %s,%s' % (ip, owner, country, org, server,
desc)
table.append(text.split(','))
except requests.exceptions.Timeout:
msg = 'Timeout - %s' % ip
exceptions.append(msg)
except requests.exceptions.ConnectionError:
msg = 'Connection error - %s' % ip
exceptions.append(msg)
except Exception as e:
exceptions.append(str(e))
def ip_whois(ip: str) -> str:
global WHOIS
if WHOIS is None:
with open("cache/whois.json") as fp:
WHOIS = json.load(fp)
if ip in ['127.0.0.1', '0.0.0.0']:
return "localhost"
if ip in WHOIS:
return WHOIS[ip]
try:
obj = IPWhois(ip)
res = obj.lookup_whois()
desc = res.get("asn_description")
WHOIS[ip] = desc
except Exception as e:
print(str(e))
desc = ""
print(desc)
# sys.exit()
return desc
def FindAbuse(
NotCheckedURL
): #main function, that returns abuse email adress for any giver URL
finalstring = ''
NotDecyphered = DecypherURL(NotCheckedURL)
domainName = ShortenURL(NotDecyphered)
try:
ipadresss = (socket.gethostbyname(domainName)
) # Getting IP adress for given www
obj = IPWhois(ipadresss)
results = obj.lookup_rdap(depth=1) # getting whois info
resstring = json.dumps(
results) # getting string from results which is a dict
# print(resstring) #used for debugging and showing full whois info
abusemail = FindByString(resstring)
finalstring = finalstring + abusemail + ' ' + domainName + ' ' + ipadresss
except socket.error:
print(domainName + " ERROR_Incorrect_web_adress_given_ERROR")
return finalstring
def geowhois(x):
try:
obj = IPWhois(x)
results = obj.lookup_rdap()
ip = results['query']
country = results['asn_country_code']
description = results['asn_description']
cidr = results['asn_cidr']
date = results['asn_date']
holder1['WHOISCOUNTRY'] = country
holder1['WHOISDESC'] = description
holder1['WHOISCIDR'] = cidr
holder1['WHOISDATE'] = date
except (KeyboardInterrupt):
sys.exit(1)
except Exception as e:
holder1['WHOISCOUNTRY'] = str(e)
holder1['WHOISDESC'] = 'error'
holder1['WHOISCIDR'] = 'error'
holder1['WHOISDATE'] = 'error'
def whois_ip(self):
import definitico
file = path.exists('Temporary/results.txt')
if file == True:
os.remove('Temporary/results.txt')
else:
pass # fare error handling
try:
getvar = self.Type_an_IP_Address_WHOIS.text()
obj = IPWhois(getvar) # DATI
self.res = obj.lookup_whois() # INFORMAZIONI
self.formattedres = json.dumps(self.res, indent=2)
self.output_whois.setText(self.formattedres)
f = open("Temporary/results.txt", "a")
f.write(str(self.formattedres))
except ValueError:
self.output_whois.setText("Value error: Please try again")
def getWhois(ipaddress):
try:
whois = dict()
ip = netaddr.IPNetwork(ipaddress)[0]
if (not ip.is_loopback() and not ip.is_private() and not ip.is_reserved()):
whois = IPWhois(netaddr.IPNetwork(ipaddress)[0]).lookup_whois()
whois['fqdn']=socket.getfqdn(str(netaddr.IPNetwork(ipaddress)[0]))
return (json.dumps(whois))
except Exception as e:
sys.stderr.write('Error looking up whois for {0}: {1}\n'.format(ipaddress, e))
def whois(self, dom: Domain, interactive: bool, verbose: bool) -> int:
"""Scrape WHOIS data for the org or asn_description."""
# Make sure we have Ip addresses to check
try:
if len(dom.ip) <= 0:
raise NoIPaddress
except NoIPaddress:
return 1
# Define temp list to assign
whois_data = []
# Iterate through all the IP addresses in object
for ip in dom.ip:
try:
response = IPWhois(ip)
# These two should be where we can find substrings hinting to CDN
try:
org = response.lookup_whois()["asn_description"]
if org != "BAREFRUIT-ERRORHANDLING":
whois_data.append(org)
except AttributeError:
pass
try:
org = response.lookup_rdap()["network"]["name"]
if org != "BAREFRUIT-ERRORHANDLING":
whois_data.append(org)
except AttributeError:
pass
except HTTPLookupError:
pass
except IPDefinedError:
pass
except ASNRegistryError:
pass
except Exception as e:
if interactive or verbose:
print(f"[{e}]: {dom.url} for {ip}")
for data in whois_data:
if data not in dom.whois_data:
dom.whois_data.append(data)
# Everything was successful
return 0
def get_whois_info(ip_str: str,
show_progress: bool = False) -> Tuple[str, dict]:
"""
Retrieve whois ASN information for given IP address using IPWhois python package.
Parameters
----------
ip_str : str
IP Address to look up.
show_progress : bool, optional
Show progress for each query, by default False
Returns
-------
IP
Details of the IP data collected
Notes
-----
This function uses the Python functools lru_cache and
will return answers from the cache for previously queried
IP addresses.
"""
ip_type = get_ip_type(ip_str)
if ip_type == "Public":
try:
whois = IPWhois(ip_str)
whois_result = whois.lookup_whois()
if show_progress:
print(".", end="")
return whois_result["asn_description"], whois_result
except (
HTTPLookupError,
HTTPRateLimitError,
HostLookupError,
WhoisLookupError,
WhoisRateLimitError,
) as err:
return f"Error during lookup of {ip_str} {type(err)}", {}
return f"No ASN Information for IP type: {ip_type}", {}
def lookup_ip(ipaddr):
global recorded_ipmeta, total_ipmeta
if not ipaddr in dic_ip:
dic_ip[ipaddr] = {}
dic_ip[ipaddr]['as_description'] = ''
dic_ip[ipaddr]['as_id'] = ''
dic_ip[ipaddr]['as_country_code'] = ''
dic_ip[ipaddr]['domain'] = ''
total_ipmeta = total_ipmeta + 1
try:
obj = IPWhois(str(ipaddr), timeout=1)
results = obj.lookup_rdap(depth=1, rate_limit_timeout=60)
dic_ip[ipaddr]['as_description'] = str(
results['asn_description']).strip()
dic_ip[ipaddr]['as_id'] = str(results['asn']).strip()
dic_ip[ipaddr]['as_country_code'] = str(
results['asn_country_code']).strip()
completed_proc = subprocess.run(
['host', '-W', '1', str(ipaddr)], stdout=subprocess.PIPE)
domain_res = str(
completed_proc.stdout.decode('utf-8')).rstrip().lower()
# print(domain_res)
if 'not found' in domain_res or 'timed out' in domain_res or 'no PTR record' in domain_res:
dic_ip[ipaddr]['domain'] = 'unknown'
else:
dic_ip[ipaddr]['domain'] = domain_res.split(' ')[-1]
recorded_ipmeta = recorded_ipmeta + 1
except Exception:
dic_ip[ipaddr]['as_description'] = ''
dic_ip[ipaddr]['as_id'] = ''
if (dic_ip[ipaddr]['domain'] == ''):
dic_ip[ipaddr]['domain'] = 'unknown'
# cache ipmeta
if (len(dic_ip) % 30 == 0):
print('[cached ip_meta] recorded ratio=%d/%d' %
(recorded_ipmeta, len(dic_ip)))
ipinfo_file = open('./ipmeta.txt', 'w')
ipinfo_dump = json.dumps(dic_ip)
ipinfo_file.write(ipinfo_dump)
ipinfo_file.close()
return dic_ip[ipaddr]
def _do(ip_, whois_ttl):
data = {}
if not HAS_IPWHOIS:
return data
try:
wreg = __salt__[
'mc_macros.get_local_registry'](
'whois_data', registry_format='pack')
if ip in wreg:
if time.time() >= wreg[ip]['t'] + whois_ttl:
del wreg[ip]
data = wreg.get(ip, {}).get('data', {})
if not data:
data = IPWhois(ip).lookup()
cdata = wreg.setdefault(ip, {})
cdata.setdefault('t', time.time())
cdata.setdefault('data', data)
search_data = {'ovh': ['ovh', 'sys'],
'phpnet': ['phpnet'],
'online': ['proxad',
'illiad',
'iliad']}
search_data['sys'] = search_data['ovh']
for provider, search_terms in search_data.items():
for i in search_terms:
for j in data.get('nets', []):
for k, val in j.items():
if k in ['abuse_emails',
'description',
'handle',
'name']:
if val and i in val.lower():
data['is_{0}'.format(provider)] = True
break
__salt__['mc_macros.update_local_registry'](
'whois_data', wreg,
registry_format='pack')
except Exception:
log.error(traceback.format_exc())
data = {}
return data
def get_cidr_info(ip_address):
for p in private_subnets:
if ip_address in p:
return str(p), 'Non-Public Subnet'
try:
res = IPWhois(ip_address).lookup_whois(get_referral=True)
except Exception:
try:
res = IPWhois(ip_address).lookup_whois()
except Exception as e:
display_error("Error trying to resolve whois: {}".format(e))
res = {}
if not res.get('nets', []):
display_warning(
"The networks didn't populate from whois. Defaulting to a /24.")
# again = raw_input("Would you like to try again? [Y/n]").lower()
# if again == 'y':
# time.sleep(5)
# else:
return '{}.0/24'.format('.'.join(
ip_address.split('.')[:3])), "Whois failed to resolve."
cidr_data = []
for net in res['nets']:
for cd in net['cidr'].split(', '):
cidr_data.append([
len(IPNetwork(cd)), cd,
net['description'] if net['description'] else ""
])
try:
cidr_data.sort()
except Exception as e:
display_error("Error occured: {}".format(e))
pdb.set_trace()
return cidr_data[0][1], cidr_data[0][2]
def _whois_ip(ip):
result = {}
obj = None
try:
obj = IPWhois(ip)
result = obj.lookup_whois(inc_raw=False)
logging.debug(result["nets"])
except Exception as e:
logging.debug(e)
result["error"] = str(e)
result["query"] = str(ip)
if result:
result["reverse"] = None
try:
rev = obj.net.get_host()
except Exception as e:
logging.debug(e)
#result["reverse"] = str(e)
return result
def get_ip_info(self, ip):
"""
Retrieves pertinent fields from IP WHOIS information
"""
cached_info = self.get_cache(ip)
if len(cached_info) == 0:
try:
request = IPWhois(ip)
result = request.lookup_rdap(depth=1)
cidr = result['asn_cidr']
country = result['asn_country_code']
self.set_cache(ip, cidr, country)
except Exception:
cidr = ''
country = ''
else:
cidr = cached_info[0][0]
country = cached_info[0][1]
return {'cidr': cidr, 'country_code': country}
def lookup(ip, rdap=False):
obj = IPWhois(ip)
if rdap:
return obj.lookup_rdap(asn_methods=['dns', 'whois', 'http'])
else:
try:
field_list = [
'name', 'cidr', 'handle', 'description', 'country', 'state',
'city', 'address', 'postal_code', 'emails', 'created',
'updated'
]
ret = obj.lookup_whois(get_referral=True,
get_recursive=False,
asn_methods=['dns', 'whois', 'http'],
field_list=field_list)
except WhoisLookupError:
ret = obj.lookup_whois(asn_methods=['dns', 'whois', 'http'])
# remove some fields that clutter
for x in ['raw', 'raw_referral']:
ret.pop(x, None)
return ret
def run_rdap(self, ip_address):
"""Perform an RDAP lookup for an IP address. An RDAP lookup object is returned.
From IPWhois: IPWhois.lookup_rdap() is now the recommended lookup method. RDAP provides
a far better data structure than legacy whois and REST lookups (previous implementation).
RDAP queries allow for parsing of contact information and details for users, organizations,
and groups. RDAP also provides more detailed network information.
"""
try:
with warnings.catch_warnings():
# Hide the 'allow_permutations has been deprecated' warning until ipwhois removes it
warnings.filterwarnings("ignore", category=UserWarning)
rdapwho = IPWhois(ip_address)
results = rdapwho.lookup_rdap(depth=1)
return results
except Exception as error:
print(
red("[!] Failed to collect RDAP information for {}!").format(
ip_address))
print(red("L.. Details: {}".format(error)))
def get_names(ip_address):
obj = IPWhois(ip_address)
results = obj.lookup_rdap(depth=0, inc_nir=False, asn_methods=['whois'])
resulting_objects = results['objects']
names = []
for item in resulting_objects:
if 'contact' not in resulting_objects[item]:
continue
if 'address' not in resulting_objects[item]['contact']:
continue
if resulting_objects[item]['contact']['address'] is None:
continue
for address in resulting_objects[item]['contact']['address']:
if address['value'] is not None:
names.append(address['value'])
return names
def domain_whois(domain):
try:
ip_addr = domaintoip(domain)
data = IPWhois(ip_addr)
out = data.lookup()
city_data = out["nets"][0]['city']
country_data = out["nets"][0]['country']
description_data = out["nets"][0]['description']
emails_data = out["nets"][0]['emails']
name_data = out["nets"][0]['name']
range_data = out["nets"][0]['range']
state_data = out["nets"][0]['range']
out_email = ("".join(map(str, emails_data)))
save_data = whoisinfo_db(ip=(ip_addr), sh_domain=(domain), city=(city_data), country=(country_data),
description=(description_data), emails=(out_email), name=(name_data),
range=(range_data), state=(state_data))
save_data.save()
except Exception as error:
print error
def get_rdap_registry_info(ip_input, rdap_depth):
"""Gathers registry info in RDAP protocol
Arguments:
ip_input {string} -- Artifact.value
rdap_depth {int} -- 0,1 or 2
Returns:
{object} -- Registry info, RDAP Protocol
"""
try:
internet_protocol_address_object = IPWhois(ip_input,allow_permutations=True)
try:
rdap_response = internet_protocol_address_object.lookup_rdap(rdap_depth)
if internet_protocol_address_object.dns_zone:
rdap_response["dns_zone"] = internet_protocol_address_object.dns_zone
return rdap_response
except exceptions.ASNRegistryError as e:
logging.error(traceback.format_exc())
except:
logging.error(traceback.format_exc())
def count_countries(conn):
countries = {}
netstat = IPWhois(str(conn.raddr[0])).lookup_whois()
jsonOut = json.dumps(netstat, indent=4)
country = netstat["nets"][0]["country"]
if country in countries:
countries[country] += 1
else:
countries[country] = 1
return countries
def do_whois_lookup(ip_address):
"""
Do the whois lookup for given IP address.
:param ip_address: IP address to be whois-looked up.
:return: Response object for the lookup.
"""
logging.info("performing whois lookup for %s", ip_address)
try:
return IPWhois(ip_address).lookup_whois()
except IpwhoisException:
logging.exception("IP whois lookup failed for %s", ip_address)
def __lookup_ip(normed_ip: str) -> str:
try:
who = IPWhois(normed_ip).lookup_rdap()
cidr = who["network"]["cidr"]
asn_cidr = who["asn_cidr"]
return cidr if cidr == asn_cidr else (cidr + ' ' + asn_cidr)
except (urllib.error.HTTPError, exceptions.HTTPLookupError,
exceptions.IPDefinedError, ASNRegistryError) as ex:
LOGGER.warning("IP Lookup for %s fail", normed_ip)
LOGGER.warning("return ip instead of network")
LOGGER.debug(ex)
return normed_ip
def get_city_by_ip(request):
return DEFAULT_CITY
try:
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
if x_forwarded_for:
ip = x_forwarded_for.split(',')[0]
else:
ip = request.META.get('REMOTE_ADDR')
result = IPWhois(ip).lookup()
except IndexError:
return DEFAULT_CITY
return DEFAULT_CITY
def execute(self, quals, columns):
intrusion_set_list = []
conn_string = _conn_string
query = "MATCH (a:ioc) WHERE a.type=\'ip\' AND a.value <> \'-\' AND a.value <> \'\' " \
"AND a.value <> \'0.0.0.0\' AND a.value <> \'10.10.10.1\' RETURN DISTINCT a.value AS ip_value"
try:
conn = ag.connect(conn_string)
cur = conn.cursor()
cur.execute(query)
while True:
records = cur.fetchall()
if not records:
break
for i in range(0, len(records)):
line = dict()
indicator_ip = records[i][0]
obj = IPWhois(indicator_ip)
try:
res = obj.lookup_rdap(asn_methods=['whois', 'dns'])
except:
continue
for column_name in self.columns:
if (column_name == 'ip'):
line[column_name] = indicator_ip
elif (column_name == 'asn'):
line[column_name] = res['asn']
elif (column_name == 'country_code'):
line[column_name] = res['asn_country_code']
elif (column_name == 'date'):
line[column_name] = res['asn_date']
elif (column_name == 'description'):
line[column_name] = res['asn_description']
elif (column_name == 'registry'):
line[column_name] = res['asn_registry']
yield line
except Exception, e:
log_to_postgres(e)
def _whois(self, _type, target=None):
""" perform whois on domain or ipv4 addr """
res = []
try:
if target:
if _type == 'domain':
res.append(whois.whois(target))
else:
obj = IPWhois(target)
res.append(obj.lookup_rdap(depth=1))
else:
if _type == 'domain':
log = self._read_log('domainname')
else:
log = self._read_log('ipv4addr')
for target in log:
if target:
if _type == 'domain':
res.append(whois.whois(target))
else:
obj = IPWhois(target)
res.append(obj.lookup_rdap(depth=1))
except:
pass
return res
def orgGroups(self, sender, mID):
# import pdb; pdb.set_trace()
try:
newmID = "www." + mID
afterAT = "www." + sender[sender.index("@") + 1:]
if newmID in self.domainCompanyPairing.keys():
res1 = self.domainCompanyPairing[newmID]
else:
ip1 = socket.gethostbyname(newmID)
obj1 = IPWhois(ip1)
res1 = obj1.lookup(get_referral=True)['nets'][0]['name']
self.domainCompanyPairing[newmID] = res1
if afterAT in self.domainCompanyPairing.keys():
res2 = self.domainCompanyPairing[afterAT]
else:
ip2 = socket.gethostbyname(afterAT)
obj2 = IPWhois(ip2)
res2 = obj2.lookup(get_referral=True)['nets'][0]['name']
self.domainCompanyPairing[afterAT] = res2
if res1 == res2:
return True
return False
except:
return False
