def getfromip(ip):
    print("AS info for IP : " + ip)
    from cymruwhois import Client
    c = Client()
    r = c.lookup(ip)
    print(r.asn)
    print(r.owner)
示例#2
0
def check_ns(domain="gouv.bj"):
	result = dns.resolver.resolve(domain, 'NS')
	ns_len = len(result)
	ns = []
	for ipval in result:
		ns.append(ipval.to_text())
	infos['INFO_NS'] = {
		'list': ns,
		'number': ns_len,
	}
	#Get localisation
	infos['INFO_NS']['ns_location'] = {}
	for name in ns:
		ip = socket.gethostbyname(name)
		response = requests.get('http://ip-api.com/json/'+ip)
		res = response.json()
		infos['INFO_NS']['ns_location'][name] = res['country']+", "+res['city']



	#  Check ASN
	if ns_len >= 2:
		asn = 0
		for name in ns:
			ip = socket.gethostbyname(name)
			c = Client()
			r = c.lookup(ip)

			if asn == 0:
				asn = r.asn
			elif asn != r.asn:
				infos['INFO_NS']['same_asn'] = False
			else:
				asn = r.asn
				infos['INFO_NS']['same_asn'] = True
示例#3
0
文件: iptools.py 项目: j3ers3/PySec
def main():

    parser = optparse.OptionParser('%prog ' + \
	    '-r <ip_file> || -i <ip>')
    parser.add_option('-r', dest='ipfile', type='string',\
	    help='specify target file with ips')
    parser.add_option('-i', dest='ip', type='string',\
	    help='specify target with ip')

    (options, args) = parser.parse_args()
    ip	   = options.ip
    ipfile = options.ipfile

    if ip == None and ipfile == None:
	print parser.print_help()
	exit(1)

    if ip and ipfile :
	print parser.usage
	exit(1)

    if ipfile != None:  
	ip_list = get_ips(ipfile)
	look(ip_list)
    else:
	c = Client()
	try:
	    try:
		r = c.lookup(ip)
	    except Exception as e:print e
	    pt = r[ip].prefix + " ------> " + r[ip].ip + "\n" + \
		 r[ip].cc + "\t" + r[ip].owner
	    print pt + "\n" + "-"*60
	except Exception as e:
	    print e
示例#4
0
def main():
    parser = optparse.OptionParser('%prog ' + \
                                   '-r <file_with IPs> || -i <IP>')
    parser.add_option('-r', dest='ips', type='string', \
                      help='specify target file with IPs')
    parser.add_option('-i', dest='ip', type='string', \
                      help='specify a target IP address')
    (options, args) = parser.parse_args()
    ip = options.ip  # Assigns a -i <IP> to variable 'ip'
    global ips;
    ips = options.ips  # Assigns a -r <fileName> to variable 'ips'
    if (ips == None) and (ip == None):  # If proper arguments aren't given print the script usage
        print parser.usage
        sys.exit(0)
    if ips != None:  # Execute if ips has a value
        checkFile(ips)  # Execute the function to check if the file can be read
        iplist = []  # create the ipslist list object
        for line in open(ips, 'r'):  # Parse File to create a list
            iplist.append(line.strip('\n'))  # Appends that line in the file to list and removes the new line char
        look(iplist)  # pass the iplist list object to the look() function

    else:  # Executes lookup() function for a single IP stored in variable 'ip'
        try:
            c = Client()
            r = c.lookup(ip)
            net = r.prefix;
            owner = r.owner;
            cc = r.cc
            line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)
            print line
        except:pass
示例#5
0
def look(iplist):
    time.sleep(2)  # delays for 2 seconds
    c = Client()  # creates an instance of the Client class
    try:
        #       print 'here before != None'
        #       print iplist
        #       if ips != None:
        if iplist != None:
            print 'here after !=None'
            print iplist
            time.sleep(2)
            #          r = c.lookupmany_dict('8.8.8.8')
            r = c.lookupmany_dict(
                iplist
            )  # leverages the lookupmany_dict() function to pass in a list of IPs
            for ip in iplist:  # Iterates over the ips in the list to use a key value in the dictionary from lookupman_dict()
                time.sleep(2)  # delays for 2 seconds
                print " ip here " + ip
                net = r[ip].prefix
                owner = r[ip].owner
                cc = r[
                    ip].cc  # gets the networking information from the dictionary
                #              print net
                line = '%-20s # - %15s (%s) - %s' % (
                    net, ip, cc, owner)  # formats the line to print cleanly
                print line
    except:
        pass
def getfromhostname(hostname):
    print("AS info for hostname :" + hostname)
    ip = socket.gethostbyname(hostname)
    from cymruwhois import Client
    c = Client()
    r = c.lookup(ip)
    print(r.asn)
    print(r.owner)
示例#7
0
def look(iplist):
	c=Client() # creates an instance of the Client class
	try:
		r = c.lookupmany_dict(iplist) # leverages the lookupmany_dict() function to pass in a list of IPs
		for ip in iplist: # Iterates over the ips in the list to use a key value in the returned dictionary from lookupman_dict()
			net = r[ip].prefix; owner = r[ip].owner; cc = r[ip].cc # gets the networking information from the dictionary
			line = '%-20s # - %15s (%s) - %s' % (ip,net,cc,owner) # formats the line to print cleanly
        		print line
	except:pass
def getTraceRoute(jsonFile):
  import json
  import sys
  import pygeoip
  from AtlasUtils import *
  from cymruwhois import Client
  c=Client()
  inFile = jsonFile
  outFile = "tmpASPath.txt"
  my_file = open(outFile, "w")
  asnDict = open("asnDict.txt","w")



  with open(inFile) as data_file:
      data = json.load(data_file)
  ### use GeoIPASNum.dat if system is not connected to Internet. This is a offline database of ip-to-AS mapping
  gi = pygeoip.GeoIP('GeoIPASNum.dat')
  #
  if is_valid_ipv4(data[0]["from"]):
    gi = pygeoip.GeoIP('GeoIPASNum.dat')
  else :
      gi = pygeoip.GeoIP('GeoIPASNumv6.dat')

  for index in range(len(data)):

    tmpASPath = ""

    for cnt in range(len(data[index]["result"])):

      if data[index]["result"][cnt].has_key("error"):
        print data[index]["result"][cnt]["error"]
      else:
        for resultrttindex in range(len(data[index]["result"][cnt]["result"])):
          #print data[index]["result"][cnt]["result"][resultrttindex]
          from_val = "*"
          asn_val = False

          if data[index]["result"][cnt]["result"][resultrttindex].has_key("from"):
            from_val = data[index]["result"][cnt]["result"][resultrttindex]["from"]
            tmp = "None"
            r=c.lookup(from_val)
            asn_val = r.asn+"$"+r.owner

        print "%s :--> %s" % (from_val, asn_val)
        if isinstance(asn_val, str) and not 'NA' in asn_val:
          asnDict.write(asn_val+"\n")

        if isinstance(asn_val, str) and not 'NA' in asn_val:
          s = tmpASPath.split(" ")

          if not s[len(s)-2] == r.asn:
            tmpASPath = tmpASPath + r.asn + " "
    my_file.write(tmpASPath + "\n")

  my_file.close()
  asnDict.close()
示例#9
0
def api(ip):
    c = Client()
    r = c.lookup(ip)
    print(r.asn)
    print(r.owner)
    asno = r.asn     #as number
    asname = r.owner #as name
    res = jsonify(ASN=asno, AS=asname)
    return res
示例#10
0
def use_ip_to_get_isp(ip):
    ''' This might be redundant on the previous ip lookup, but the owner output
        seems to have a might better consistenciy
    '''
    c = Client()    # should probably pull this out of here so not to create it each time
    r = c.lookup(ip)
    # print r.asn
    # print r.owner
    return {'isp_name': r.owner}
示例#11
0
def tryWhoIs(ip_addr):

    try:
        c = Client()
        r = c.lookup(ip_addr)
        name = r.owner
    except:
        name = "unknown"

    return name
示例#12
0
def get_isp(ip):
    ''' Gets the isp name for the ip
        Much faster than the ipwhois lookup, but there is no "organization" field.

        ip: an ip address parsed out of the log file.
        Returns: dict containing isp name for the ip
    '''
    c = Client()    # should probably pull this out of here so not to create it each time
    r = c.lookup(ip)
    return {'isp_name': r.owner}
示例#13
0
def look(iplost):
	c=Client() # create instance of client class
	try:
		if ips != None:
			r = c.lookupmany_dict(iplist) # uses lookupmany_dict() function to pass in a list of IPs
			for ip in iplist:
				net = r[ip].prefix; owner = r[ip].owner; cc = r[ip].cc # gets network info from dict
				line = '%-20s # - %15s (%s) - %s' % (net,ip,cc,owner) # formats the line to print
				print line
	except:pass
示例#14
0
def get_asn(ip):
    """use cymruwhois by default instead of pyasn
    input ip address as string, return ASN and AS owner"""
    if ip:
        c = Client()
        try:
            r = c.lookup(ip)
            return r.asn, r.owner
        except Exception as e:
            print("Error finding ASN for " + ip)
    return False, False
示例#15
0
def look(iplist):
    c = Client()  # creates an instance of the Client class
    try:
        if ips != None:
            r = c.lookupmany_dict(iplist)  # leverages the lookupmany_dict() function to pass in a list of IPs
            for ip in iplist:  # Iterates over the ips in the list to use a key value in the dictionary from lookupman_dict()
                net = r[ip].prefix;
                owner = r[ip].owner;
                cc = r[ip].cc  # gets the networking information from the dictionary
                line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)  # formats the line to print cleanly
                print line
    except:pass
示例#16
0
def net_lookup(ips):
    try:
        c=Client()
        ips = list(set(ips)) # uniq IPs
        r = c.lookupmany_dict(ips)
        for ip in ips:
            net = r[ip].prefix; owner = r[ip].owner; cc = r[ip].cc 
            line = '%-20s # - %15s (%s) - %s' % (ip,net,cc,owner) 
            print line

    except Exception as e:
        print e
示例#17
0
文件: iptools.py 项目: j3ers3/PySec
def look(ip_list):

    c = Client()
    try:
	r = c.lookupmany_dict(ip_list)
	for ip in ip_list:
	    pt = r[ip].prefix + " ------> " + r[ip].ip + "\n" + \
		 r[ip].cc + "\t" + r[ip].owner
	    print pt + "\n" + "-"*60   
    except Exception as e:
	print e
	pass
 def whoisrecord(ip):
     currenttime = time.time()
     ts = currenttime
     if ip in whois:
         ASN,ts = whois[ip]
     else:
         ts = 0
     if ((currenttime - ts) > 36000):
         C = Client()
         ASN = C.lookup(ip)
         whois[ip] = (ASN,currenttime)
     return ASN
def whoisrecord(ip):
    currenttime = time.time()
    ts = currenttime
    if ip in whois:
        ASN, ts = whois[ip]
    else:
        ts = 0
    if ((currenttime - ts) > 36000):
        C = Client()
        ASN = C.lookup(ip)
        whois[ip] = (ASN, currenttime)
    return ASN
示例#20
0
def get_asn(ip):
    """
    Gets asnum for ip using Cymru's API
    (https://pythonhosted.org/cymruwhois/api.html)
    Stores in cache for future use using the lru_cache decorator
    :param ip:
    :return: asnum info
    """

    client = Client()
    result = client.lookup(ip)

    return result.asn
示例#21
0
def net_lookup(ips):
    try:
        c = Client()
        ips = list(set(ips))  # uniq IPs
        r = c.lookupmany_dict(ips)
        for ip in ips:
            net = r[ip].prefix
            owner = r[ip].owner
            cc = r[ip].cc
            line = '%-20s # - %15s (%s) - %s' % (ip, net, cc, owner)
            print line

    except Exception as e:
        print e
示例#22
0
    def whoisrecord(ip):
      try:
	currenttime = time.time()
        ts = currenttime
        if ip in whois:
            ASN,ts = whois[ip]
        else:
            ts = 0
        if ((currenttime - ts) > 36000):
            c = Client()
            ASN = c.lookup(ip)
            whois[ip] = (ASN,currenttime)
        return ASN
      except Exception as e:
	return e
    def whoisrecord(ip):
      try:
	currenttime = time.time()
        ts = currenttime
        if ip in whois:
            ASN,ts = whois[ip]
        else:
            ts = 0
        if ((currenttime - ts) > 36000):
            c = Client()
            ASN = c.lookup(ip)
            whois[ip] = (ASN,currenttime)
        return ASN
      except Exception as e:
	return e
示例#24
0
def domain(fqdn, rid):
    # mongodb connect
    intel_db = MongoClient('127.0.0.1', 27017).intel
    collection = intel_db.collection

    print '#######  cymru.ipv4  #######'
    if collection.find_one({
            '$and': [{
                "rid": str(rid)
            }, {
                "fqdn": str(fqdn)
            }, {
                "cc": {
                    "$exists": True
                }
            }]
    }) != None:
        print '\t#######  [cymru.domain] already registed [%s]  #######' % str(
            fqdn)
    else:
        print '\t#######  for new registration [%s]  #######' % str(fqdn)

        # cymru whois lookup
        ip = socket.gethostbyname(fqdn)
        c = Client()
        r = c.lookup(ip)

        ele = collection.find_one(
            {'$and': [{
                "fqdn": str(fqdn)
            }, {
                "rid": str(rid)
            }]})
        if ele == None:
            # regist db
            result = {
                "fqdn": str(fqdn),
                "ip": str(ip),
                "owner": str(r.owner),
                "cc": str(r.cc),
                "rid": str(rid)
            }
            collection.insert_one(result)
        else:
            # add db
            ele["owner"] = str(r.owner)
            ele["cc"] = str(r.cc)
            collection.save(ele)
示例#25
0
class Traceroute:
    def __init__(self):
        self.client = Client()

    def run(self) -> NoReturn:
        server = self.parse_args()
        ips = self.get_ip_list(server)
        print(tabulate([[ip, *self.get_ip_info(ip)] for ip in ips],
                       headers=['IP', 'ASN', 'Owner', 'Country'],
                       tablefmt='grid'))

    def get_ip_list(self, server: str) -> List[str]:
        ips = []
        sub = subprocess.run(['traceroute', server], stdout=subprocess.PIPE)
        for line in sub.stdout.decode().split('\n')[1:]:
            ip = self.extract_ip(line)
            if ip:
                ips.append(ip)
        return ips

    def get_ip_info(self, ip: str) -> Tuple[int, str, str]:
        r = self.client.lookup(ip)
        return r.asn, r.owner, r.cc

    @staticmethod
    def extract_ip(line: str) -> Optional[str]:
        s = re.search(IP_PATTERN, line)
        return s.group(0) if s else None

    @staticmethod
    def parse_args() -> str:
        parser = argparse.ArgumentParser()
        parser.add_argument('server', type=str, help='Destination URL/IP')
        args = parser.parse_args()
        return args.server
示例#26
0
def net_lookup(ips, results_file):
    try:
        c = Client()
        ips = list(set(ips))  # uniq IPs
        r = c.lookupmany_dict(ips)
        cidrs = []

        for ip in ips:
            cidrs.append(r[ip].prefix)
        cidrs = list(set(cidrs))  # uniq CIDRs
        cidr_results = ", ".join(cidrs)
        print "[+] Found Results in CIDRs: " + cidr_results
        if results_file:
            results_file.write("[+] Found Results in CIDRs: " + cidr_results + "\n")
    except Exception as e:
        print e
示例#27
0
def main():
    parser = optparse.OptionParser('%prog ' + '-r <file_with IPs> || -i <IP>')
    parser.add_option('-r',
                      dest='ips',
                      type='string',
                      help='specify target file with IPs')
    parser.add_option('-i',
                      dest='ip',
                      type='string',
                      help='specify a target IP address')
    (options, args) = parser.parse_args()
    ip = options.ip  # Assigns a -i <IP> to variable 'ip'
    global ips
    ips = options.ips  # Assigns a -r <fileName> to variable 'ips'
    if (ips == None) and (
            ip == None
    ):  # If proper arguments aren't given print the script usage
        print parser.usage
        sys.exit(0)
    if ips != None:  # Execute if ips has a value
        #       print "ips is not empty here " + ips
        checkFile(ips)  # Execute the function to check if the file can be read
        iplist = []  # create the ipslist list object
        for line in open(ips, 'r'):  # Parse File to create a list
            #           iplist.append(line.strip("'" + "\r\n" + "'"))
            iplist.append(
                line.strip("\r\n")
            )  # Appends that line in the file to list and removes the new line char
            #           iplist.append(line.strip('n'))
            print "line not empty " + line
            print iplist
            look(iplist)  # pass the iplist list object to the look() function
    elif ip != None:
        try:
            print "here ip not empty " + ip
            c = Client()
            r = c.lookup(ip)
            net = r.prefix
            owner = r.owner
            cc = r.cc
            print net
            line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)
            print line
        except:
            pass
示例#28
0
def build_ip_db(unique_ips):
    ''' Builds up a db of ip addresses that were in the server logs.

        unique_ips: set of ip's that were seen in the server logs
        Returns: the ip db with 'isp_name', 'latitude and 'longitude'
    '''
    c = Client()
    ip_db = shelve.open(opj(data_dir, 'ip.db'))     # NOTE again, this might get too big and blow everything up
    unique_ips = [ip for ip in unique_ips if ip not in ip_db]     # if we have stuff in ip.db already from a previous run
    ips_fetching = 'Fetching info for this many IPs: {}'.format(len(unique_ips))
    print ips_fetching
    logging.info(ips_fetching)
    for subset_of_unique_ips in split_list_into_chunks(unique_ips, 10000): # only do 10,000 ip's at a time
        for ip_addr, ip_info_dict in c.lookupmany_dict(subset_of_unique_ips).iteritems():
            lat, lon = get_lat_and_long(ip_addr)    # NOTE maybe take this out so the shelve doesn't ballon too big
            ip_db[ip_addr] = {'isp_name': ip_info_dict.owner,
                              # 'organization': ??? -- would probably need to pull out from whois, but slow and messy
                              'latitude': lat,
                              'longitude': lon}
    return ip_db
示例#29
0
文件: jetplane.py 项目: 9b/jetplane
    def __init__(self, host, port, db=False, logging="_"):
        self._log = utility.logger("jetplane", logging)
        self._host = host
        self._port = port
        self._proxy_ip = None
        self._whois_handle = Client()
        self._criteria = None
        self._max_tours = 0
        self._tours = 1
        self._takeoff_time = None
        self._errors = 0
        self._success = False
        self._trip_details = []
        self._db = db
        self._kill_bit = False

        if self._db:
            self._mongodb_handle = mongodb("127.0.0.1", "27017", "jetplane",
                                           "hanger", "INFO")
            self._mdb = self._mongodb_handle.get_con()
def get_asn_mapping(ip_list):
    '''
    Calls the cymru api service to get ASN from a given IP and checks if its from Bell
    :param ip_list: A list of ips to get asn information from
    :type ip_list: list of str
    :return mapping: Returns a dictionary with key value pairs of (ip:asn_info)
    :rtype mapping: dict
    '''
    mapping = {}
    client = Client()
    try:
        # If the length of the list is 1, do a solo api call
        if len(ip_list) == 1:
            # Incase the api call returns special characters, catch error and set none
            try:
                result = client.lookup(ip_list[0])
                is_bell = result.asn in CONFIG['bell_asn'].keys()
                mapping.update(
                    {ip_list[0]: {
                         'asn': result.asn,
                         'is_bell': is_bell
                     }})
                return mapping
            except UnicodeDecodeError:
                mapping.update({ip_list[0]: {'asn': None, 'is_bell': None}})
                return mapping
        for idx, result in enumerate(client.lookupmany(ip_list)):
            is_bell = result.asn in CONFIG['bell_asn'].keys()
            mapping.update(
                {ip_list[idx]: {
                     'asn': result.asn,
                     'is_bell': is_bell
                 }})
        return mapping
    except UnicodeDecodeError:
        # Split list and recall function to find invalid api call and rejoin
        mapping_a = get_asn_mapping(ip_list[:len(ip_list) // 2])
        mapping_b = get_asn_mapping(ip_list[len(ip_list) // 2:])
        mapping_c = mapping_a.copy()
        mapping_c.update(mapping_b)
        return mapping_c
示例#31
0
def main():
    global numcnt
    numcnt = 0
    numcnt = int(numcnt)
    parser = optparse.OptionParser('%prog ' + '-r <file_with IPs> || -i <IP>')
    parser.add_option('-r',
                      dest='ips',
                      type='string',
                      help='specify target file with IPs')
    parser.add_option('-i',
                      dest='ip',
                      type='string',
                      help='specify a target IP address')
    (options, args) = parser.parse_args()
    ip = options.ip  # Assigns a -i <IP> to variable 'ip'
    global ips
    ips = options.ips  # Assigns a -r <fileName> to variable 'ips'
    #    checkFile(ips)
    if ip != None:
        try:
            c = Client()
            r = c.lookup(ip)
            net = r.prefix
            owner = r.owner
            cc = r.cc
            line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)
            print line
            return
        except:
            pass
    if ips != None:
        try:
            checkFile(ips)
            iplist = []
            for line in open(ips, 'r'):
                cnt += 1
                iplist.append(line.strip("\r\n"))
                look(iplist, cnt)
        except:
            pass
示例#32
0
def add():
        print(request.form['textareaInput'])
        fstring=request.form['textareaInput']
        originalstring=request.form['textareaInput']
        
        
        ip = re.findall( r'[0-9]+(?:\.[0-9]+){3}', fstring ) # extracting the IP addresses
        lst=[]
        c = Client()
        for index,item in enumerate(ip):
            r = c.lookup(ip[index])
            #print(r.asn)
            if r.asn != 'NA': 
                print(r.asn, index, ip[index], r.owner)
                lst.append([index,ip[index],r.asn,r.owner,r.cc])
                #1 -index, 2-ip, 3-Asnumber, 4-Asname, 5-Location
        #print(lst)

        for i in lst:
            #print(i[1])#printing ips
            fstring = fstring.replace(i[1],'<a class="toolTipInfo" data-toggle="tooltip" title="AS number: '+i[2]+'&#013AS name: '+i[3]+'&#013Location: '+i[4]+'">'+i[1]+'</a>')
            
        fstring = fstring.replace('\n','<br>') #format to html

        uuid.uuid4()
        struuid = str(uuid.uuid4())
        uniqueid = uuid.uuid4().hex

        con = sqlite3.connect(DATABASE)
        cur = con.cursor()
        cur.execute("INSERT INTO pastes (paste, pasteparsed, routeid) VALUES (?,?,?)",(originalstring,fstring,uniqueid) )
        con.commit()

        cur.execute("select * from pastes")
        users = cur.fetchall(); 
        print(users)
        con.close()

        return redirect("/paste/"+uniqueid)
示例#33
0
def getAsForDomains(domain):
    ips = []

    # get all ips
    for ip in domain['ipaddr']:
        theip = ip['ipaddr']
        ips.append(theip)

    # lookup all ips
    c=Client()

    resp = c.lookupmany(ips)

    # find original ip again
    for r in resp:
        for ip in domain['ipaddr']:
            if ip['ipaddr'] == r.ip:
                ip['ipaddr'] = r.ip
                ip['cc'] = r.cc
                ip['asn'] = r.asn
                ip['asnowner'] = r.owner

                print "  AS: " + r.asn + " / " + r.owner
示例#34
0
class Lookup(object):

    asndb = None
    def __init__(self, pyasn_file=None):
        if pyasn_file:
            self.asndb = pyasn(pyasn_file)
        self.whois = Client()

    def lookup(self, ip):
        if self.asndb:
            asn = self.asndb.lookup(ip)[0]
            if asn:
                return str(asn)
        else:
            return self.whois.lookup(ip).asn
示例#35
0
文件: jetplane.py 项目: 9b/jetplane
    def __init__(self, host, port, db=False, logging="_"):
        self._log = utility.logger("jetplane", logging)
        self._host = host
        self._port = port
        self._proxy_ip = None
        self._whois_handle = Client()
        self._criteria = None
        self._max_tours = 0
        self._tours = 1
        self._takeoff_time = None
        self._errors = 0
        self._success = False
        self._trip_details = []
        self._db = db
        self._kill_bit = False

        if self._db:
            self._mongodb_handle = mongodb("127.0.0.1", "27017", "jetplane", "hanger", "INFO")
            self._mdb = self._mongodb_handle.get_con()
示例#36
0
def get_aspath(sagan_results, pyasn_file=None):
    '''sort throught traceroute results.  it converts 
    the ip address of each hop in the traceroute to create
    and as hop path.  
    
    if pyasn_file is passed us that as the ipasn DB file.
    otherwise use tc whois'''
    if pyasn_file:
        asndb = pyasn(pyasn_file)

        def _lookup(ip):
            asn = asndb.lookup(ip)[0]
            if asn:
                return str(asn)
    else:
        whois = Client()

        def _lookup(ip):
            return whois.lookup(ip).asn

    asn_paths = []
    for result in sagan_results:
        if result.is_error:
            logging.error('{}: {}'.format(result, result.error_message))
            continue
        asn_path = []
        logging.debug('Checking: {}'.format(result.source_address))
        msm_asn = _lookup(result.source_address)
        if msm_asn:
            logging.debug('Adding: {}'.format(msm_asn))
            asn_path.append(msm_asn)
        for hop in result.hops:
            for packet in hop.packets:
                if packet.origin:
                    logging.debug('Checking: {}'.format(packet.origin))
                    asn = _lookup(packet.origin)
                    if asn and asn != asn[-1]:
                        logging.debug('Adding: {}'.format(asn))
                        asn_path.append(asn)
                    break
        logging.info('Found path: {}'.format(asn_path))
        asn_paths.append(asn_path)
    return asn_paths
示例#37
0
#!/usr/bin/python
from cymruwhois import Client
import sys

#log file location hard coded, change to suit environment
logfile = open('/var/log/honeypot/honeyd.log','r')
source = []
for line in logfile:
	source.append(line.split(' ')[3])

src_country = []
src_count = []
c = Client()

results = c.lookupmany_dict( set(source) )

for res in results:
	country =  results[res].cc
	try:
		pos = src_country.index( country )
		src_count[pos] += 1
	except:
		src_country.append( country )
		src_count.append( 1 )

for i in range( 0, ( len( src_country ) - 1 ) ):
	sys.stdout.write( "%s:\t%i\n" %( src_country[i], src_count[i] ) )

示例#38
0
web_user = None
web_pass = None
proxy_user = None
proxy_pass = None
delay = 0
name_lookup = False
salt = False
backup_salt = False
urlencode = False
shut_up = False
web_lookup = False
email_lookup = False
google_dict_search = False
google_query_dict = False
whois = False
whois_client = WhoisClient()
web_client = httplib2.Http()


###[ Subroutines

def usage():
        """
        Guess what ;)
        """
        print "Chaosmap " + version
        print "Coded by Bastian Ballmann"
        print "http://www.datenterrorist.de\n"
        print "Usage: " + sys.argv[0] + """
        -b <base_url>
        -B(ackup salt)
示例#39
0
# SOFTWARE.

# Tip jars!
# Bitcoin Cash (BCH)   qpz32c4lg7x7lnk9jg6qg7s4uavdce89myax5v5nuk
# Ether (ETH) -        0x843d3DEC2A4705BD4f45F674F641cE2D0022c9FB
# Litecoin (LTC) -     Lfk5y4F7KZa9oRxpazETwjQnHszEPvqPvu
# Bitcoin (BTC) -      34L8qWiQyKr8k4TnHDacfjbaSqQASbBtTd

#Created by https://github.com/tg12
import requests
import re
import tabulate
from fake_useragent import UserAgent
from cymruwhois import Client

c = Client()
ua = UserAgent()
headers = {
    'User-Agent': ua.random,
}

ips_to_check = []
ip_data = []

lists_to_agg = [
    "https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/091/590/original/ip_filter.blf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20200503%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200503T173407Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=10feb0d139742092e98186a296d30ada45ee9081777ab8197d0c5daf0308384b",
    "http://talosintel.com/feeds/ip-filter.blf",
    "https://reputation.alienvault.com/reputation.generic",
    "https://www.matthewroberts.io/api/threatlist/latest",
    "https://threatintel.stdominics.sa.edu.au/",
    "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt",
示例#40
0
 def __init__(self):
     self.client = Client()
示例#41
0
web_user = None
web_pass = None
proxy_user = None
proxy_pass = None
delay = 0
name_lookup = False
salt = False
backup_salt = False
urlencode = False
shut_up = False
web_lookup = False
email_lookup = False
google_dict_search = False
google_query_dict = False
whois = False
whois_client = WhoisClient()
web_client = httplib2.Http()

###[ Subroutines


def usage():
    """
        Guess what ;)
        """
    print "Chaosmap " + version
    print "Coded by Bastian Ballmann"
    print "http://www.datenterrorist.de\n"
    print "Usage: " + sys.argv[0] + """
        -b <base_url>
        -B(ackup salt)
def asn_lookup(asn):
    cymru_client = Client()
    req = cymru_client.lookup("AS" + asn)
    cc_data = req.cc
    return cc_data
示例#43
0
文件: jetplane.py 项目: 9b/jetplane
class jetplane:
    def __init__(self, host, port, db=False, logging="_"):
        self._log = utility.logger("jetplane", logging)
        self._host = host
        self._port = port
        self._proxy_ip = None
        self._whois_handle = Client()
        self._criteria = None
        self._max_tours = 0
        self._tours = 1
        self._takeoff_time = None
        self._errors = 0
        self._success = False
        self._trip_details = []
        self._db = db
        self._kill_bit = False

        if self._db:
            self._mongodb_handle = mongodb("127.0.0.1", "27017", "jetplane", "hanger", "INFO")
            self._mdb = self._mongodb_handle.get_con()

    def take_off(self, criteria, tours):
        self._takeoff_time = time.time()
        self._max_tours = tours + 1
        self._criteria = criteria.lower()
        self._log.info("Trip details: max tours - %d, local - %s" % (self._max_tours, self._criteria))
        r = self._world_tour()
        return r

    def _world_tour(self):
        self._log.info("Baggage check number %d" % self._tours)
        time.sleep(3)  # naptime
        self._log.info("Tickets purchased to %s" % self._criteria)
        self._flush_addr()  # kill off any address we had before
        self._log.info("Safety and pre-flight checks")
        time.sleep(7)

        # accept 3 errors before ditching
        for i in range(0, 2):
            prox_run = self._proxy_check()  # see what TOR gave us
            if prox_run:
                break
            else:
                if i == 1:
                    return False

        for i in range(0, 2):
            who_run = self._whoami()  # pull out the decision
            if who_run:
                break
            else:
                if i == 1:
                    return False

        self._decide()  # did we land in the right area
        return True

    def _flush_addr(self):
        self._log.info("Boarding the plane")
        sout = Popen(["/etc/init.d/tor", "restart"], stdout=PIPE, stderr=STDOUT).communicate()[0]

    def _proxy_check(self):
        self._headers = {
            "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
            "Connection": "Keep-Alive",
        }
        self._proxies = {"http": self._host + ":" + self._port}
        self._urls = [
            "http://whatismyipaddress.com/",
            "http://www.whatsmyip.us/",
            "http://www.ipchicken.com/",
            "http://www.whatsmyip.info/",
            "http://www.whatsmyip.in/",
            "http://www.whatsmyip.cc/",
            "http://ipswift.com",
        ]
        self._url = self._urls[random.randint(0, len(self._urls) - 1)]
        self._log.info("Fetching address data from %s" % self._url)
        response = requests.get(self._url, proxies=self._proxies)
        if response.status_code == 200:
            try:
                self._proxy_ip = re.search(
                    r"((2[0-5]|1[0-9]|[0-9])?[0-9]\.){3}((2[0-5]|1[0-9]|[0-9])?[0-9])", response.content
                ).group()
                self._log.info("Query returned %s" % self._proxy_ip)
                return True
            except:
                self._log.error("Failed to find IP address using %s" % self._url)
                self._errors += 1
                return False
        else:
            self._proxy_ip = "127.0.0.1"
            self._log.error("Query failed, flushing again")
            self._errors += 1
            return False

    def _whoami(self):
        try:
            self._whois_data = self._whois_handle.lookup(self._proxy_ip)
            self._addr_owner = self._whois_data.owner
            self._addr_asn = self._whois_data.asn
            self._addr_prefix = self._whois_data.prefix
            self._addr_cc = self._whois_data.cc
            return True
        except Exception, e:
            self._log.error("Failed to gather WHOIS for %s" % self._proxy_ip)
            self._log.info(str(e))
            self._errors += 1
            return False
示例#44
0
 def __init__(self, pyasn_file=None):
     if pyasn_file:
         self.asndb = pyasn(pyasn_file)
     self.whois = Client()
示例#45
0
def process_pcaps(pcap_file):
    aggr_dict = {}

    ROWS = 256
    COLUMNS = 256

    sport_grid = []
    for row in range(ROWS):
        sport_grid.append([])
        for column in range(COLUMNS):
            sport_grid[row].append(0)

    dport_grid = []
    for row in range(ROWS):
        dport_grid.append([])
        for column in range(COLUMNS):
            dport_grid[row].append(0)

    print("Reading pcap file " + pcap_file + "...")
    sys.stdout.flush()

    proto_dict = {17: 'UDP', 6: 'TCP'}
    ip_dports = {}
    packet_count = 0
    start_time = None
    end_time = None
    with PcapReader(pcap_file) as packets:
        for packet in packets:
            try:
                if (IP in packet) and (packet.proto in proto_dict.keys()):
                    if packet_count == 0:
                        start_time = packet.time
                    else:
                        end_time = packet.time
                    packet_count += 1
                    proto_name = proto_dict[packet.proto]
                    l3 = packet['IP']
                    l4 = packet[proto_name]
                    if (l3.src != '0.0.0.0' and l3.src != '255.255.255.255'
                            and l3.dst != '0.0.0.0'
                            and l3.dst != '255.255.255.255'):
                        if l3.src not in aggr_dict:
                            aggr_dict[l3.src] = {}
                        if l3.dst not in aggr_dict[l3.src]:
                            aggr_dict[l3.src][l3.dst] = 0
                        aggr_dict[l3.src][l3.dst] += len(packet.payload)

                        # get ports
                        if l3.src not in ip_dports:
                            ip_dports[l3.src] = []
                        ip_dports[l3.src].append(l4.dport)
            except:
                # packet failed to parse, skipping
                pass

    print("done")

    ROWS = 289
    COLUMNS = 289

    private_grid = []
    for row in range(ROWS):
        private_grid.append([])
        for column in range(COLUMNS):
            private_grid[row].append([0, 0])

    private_map = populate_1918_space()

    ROWS = 256
    COLUMNS = 256
    asn_dict = {}
    c = Client()
    for host in aggr_dict:
        if len(aggr_dict[host]) > 1:
            # get sent bytes
            print("host: {0}".format(host))
            with open('www/static/img/maps/manifest.txt', 'a+') as f:
                f.write(pcap_file.split("/")[-1] + ": " + host + "\n")
            for port in ip_dports[host]:
                dport_grid[int(port / ROWS)][port % ROWS] = 1
            for peer in aggr_dict[host]:
                try:
                    r = c.lookup(peer)
                    if not r.asn:
                        if not r.cc:
                            # RFC 1918, etc.
                            #print "peer:", peer, "bytes out :", aggr_dict[host][peer]
                            priv_arr = private_map[".".join(
                                peer.split(".")[:-1])]
                            private_grid[priv_arr[0]][
                                priv_arr[1]][1] += aggr_dict[host][peer]
                        else:
                            print(
                                "found public IP without an ASN: {0} bytes out: {1}"
                                .format(peer, aggr_dict[host][peer]))
                    else:
                        # public ip space
                        if r.asn in asn_dict:
                            asn_dict[
                                r.asn]['bytes_out'] += aggr_dict[host][peer]
                        else:
                            asn_dict[r.asn] = {
                                'owner': r.owner,
                                'bytes_out': aggr_dict[host][peer],
                                'bytes_in': 0
                            }
                except Exception as e:
                    print("{0} FAILED TO LOOKUP ASN".format(peer))
                    print(str(sys.exc_info()[0]) + str(e))
        else:
            if host in ip_dports:
                for port in ip_dports[host]:
                    sport_grid[int(port / ROWS)][port % ROWS] = 2
            # get received bytes
            dst = None
            # there is only one to loop through
            for d in aggr_dict[host]:
                dst = d
            try:
                r = c.lookup(host)
                if not r.asn:
                    if not r.cc:
                        # RFC 1918, etc.
                        #print "peer:", host, "bytes in:", aggr_dict[host][dst]
                        priv_arr = private_map[".".join(host.split(".")[:-1])]
                        private_grid[priv_arr[0]][
                            priv_arr[1]][0] += aggr_dict[host][dst]
                    else:
                        print(
                            "found public IP without an ASN: {0} bytes out: {1}"
                            .format(host, aggr_dict[host][dst]))
                else:
                    # public ip space
                    if r.asn in asn_dict:
                        asn_dict[r.asn]['bytes_in'] += aggr_dict[host][dst]
                    else:
                        asn_dict[r.asn] = {
                            'owner': r.owner,
                            'bytes_in': aggr_dict[host][dst],
                            'bytes_out': 0
                        }
            except Exception as e:
                print("{0} FAILED TO LOOKUP ASN".format(host))
                print(str(sys.exc_info()[0]) + str(e))

    asn_grid = []
    for row in range(ROWS):
        asn_grid.append([])
        for column in range(COLUMNS):
            asn_grid[row].append([0, 0])

    for asn in asn_dict:
        try:
            asn_num = int(asn)
            if asn_num < 65536:
                asn_grid[int(asn_num / ROWS)][asn_num % ROWS] = [
                    asn_dict[asn]['bytes_in'], asn_dict[asn]['bytes_out']
                ]
            else:
                print(
                    "ALERT!!!! high external asn: {0} asn owner: {1} total bytes sent: {2} total bytes received: {3}"
                    .format(asn, asn_dict[asn]['owner'],
                            asn_dict[asn]['bytes_out'],
                            asn_dict[asn]['bytes_in']))
        except Exception as e:
            print(str(e))
    return asn_grid, private_grid, sport_grid, dport_grid, packet_count, humanize.naturaldelta(
        datetime.utcfromtimestamp(end_time) -
        datetime.utcfromtimestamp(start_time))
ip_file.close()
ip_cnt = int(len(ip_lines))

## Running
print("\n[ API Server - whois.cymru.com / whois.kisa.or.kr ]")
print(
    "-----------------------------------------------------------------------------------"
)
print("[*]\t[Search IP]\t[Cymru/KISA]\t[AS Name]")
print(
    "-----------------------------------------------------------------------------------"
)

for line in ip_lines:
    ip = socket.gethostbyname(line)
    c = Client()
    r = c.lookup(ip)
    a = r.owner
    f = re.findall("[A-Z]{2}", a)
    c = len(f)

    url = "http://whois.kisa.or.kr/openapi/whois.jsp?query=" + line + "&key=2018052409355407130895&answer=json"
    res = requests.get(url, verify=False)
    dict = json.loads(res.text)

    if f[c - 1] == "KR":
        kr_chk = "Korea"
        '''
        whois = open(save_file, "a",encoding="utf-8")
        whois.writelines("[Korea]\n")
        whois.close()
示例#47
0
## Doesn't work

from cymruwhois import Client
c=Client()

print 'enter filename'
filename = raw_input()
txt = open(filename)
print

f = open("output/list2asn.txt",'w')

for ip in txt:
	s = str((c.lookup(ip))) + '\n'
	f.write(s)
示例#48
0
文件: ip2asn.py 项目: heretogo/python
ip = raw_input()
from cymruwhois import Client
c=Client()
r=c.lookup(ip)
print r
示例#49
0
文件: jetplane.py 项目: 9b/jetplane
class jetplane:
    def __init__(self, host, port, db=False, logging="_"):
        self._log = utility.logger("jetplane", logging)
        self._host = host
        self._port = port
        self._proxy_ip = None
        self._whois_handle = Client()
        self._criteria = None
        self._max_tours = 0
        self._tours = 1
        self._takeoff_time = None
        self._errors = 0
        self._success = False
        self._trip_details = []
        self._db = db
        self._kill_bit = False

        if self._db:
            self._mongodb_handle = mongodb("127.0.0.1", "27017", "jetplane",
                                           "hanger", "INFO")
            self._mdb = self._mongodb_handle.get_con()

    def take_off(self, criteria, tours):
        self._takeoff_time = time.time()
        self._max_tours = tours + 1
        self._criteria = criteria.lower()
        self._log.info("Trip details: max tours - %d, local - %s" %
                       (self._max_tours, self._criteria))
        r = self._world_tour()
        return r

    def _world_tour(self):
        self._log.info("Baggage check number %d" % self._tours)
        time.sleep(3)  #naptime
        self._log.info("Tickets purchased to %s" % self._criteria)
        self._flush_addr()  #kill off any address we had before
        self._log.info("Safety and pre-flight checks")
        time.sleep(7)

        #accept 3 errors before ditching
        for i in range(0, 2):
            prox_run = self._proxy_check()  #see what TOR gave us
            if prox_run:
                break
            else:
                if i == 1:
                    return False

        for i in range(0, 2):
            who_run = self._whoami()  #pull out the decision
            if who_run:
                break
            else:
                if i == 1:
                    return False

        self._decide()  #did we land in the right area
        return True

    def _flush_addr(self):
        self._log.info("Boarding the plane")
        sout = Popen(['/etc/init.d/tor', 'restart'],
                     stdout=PIPE,
                     stderr=STDOUT).communicate()[0]

    def _proxy_check(self):
        self._headers = {
            'User-Agent':
            'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0',
            'Connection': 'Keep-Alive'
        }
        self._proxies = {"http": self._host + ":" + self._port}
        self._urls = [
            'http://whatismyipaddress.com/', 'http://www.whatsmyip.us/',
            'http://www.ipchicken.com/', 'http://www.whatsmyip.info/',
            'http://www.whatsmyip.in/', 'http://www.whatsmyip.cc/',
            'http://ipswift.com'
        ]
        self._url = self._urls[random.randint(0, len(self._urls) - 1)]
        self._log.info("Fetching address data from %s" % self._url)
        response = requests.get(self._url, proxies=self._proxies)
        if response.status_code == 200:
            try:
                self._proxy_ip = re.search(
                    r'((2[0-5]|1[0-9]|[0-9])?[0-9]\.){3}((2[0-5]|1[0-9]|[0-9])?[0-9])',
                    response.content).group()
                self._log.info("Query returned %s" % self._proxy_ip)
                return True
            except:
                self._log.error("Failed to find IP address using %s" %
                                self._url)
                self._errors += 1
                return False
        else:
            self._proxy_ip = "127.0.0.1"
            self._log.error("Query failed, flushing again")
            self._errors += 1
            return False

    def _whoami(self):
        try:
            self._whois_data = self._whois_handle.lookup(self._proxy_ip)
            self._addr_owner = self._whois_data.owner
            self._addr_asn = self._whois_data.asn
            self._addr_prefix = self._whois_data.prefix
            self._addr_cc = self._whois_data.cc
            return True
        except Exception, e:
            self._log.error("Failed to gather WHOIS for %s" % self._proxy_ip)
            self._log.info(str(e))
            self._errors += 1
            return False
示例#50
0
import socket
from cymruwhois import Client

ip = '100.10.1.63'
ip_2 = '102.164.120.10'
ip_3 = '102.80.10.106'
ip_4 = '102.80.101.132'

c = Client()
#instead of puting lookup(ip) in the loop and get weird results, instead use lookupmany(ips) to return the results
for r in c.lookupmany([ip, ip_2, ip_3, ip_4]):
    print r.owner

#using cymruwhois to convert ips to asn and country code on the commandline
#cymruwhois /home/Marting/Videos/work/ips.txt -f asn,cc > /home/Marting/Videos/work/cyrmu_output.txt
示例#51
0
    kmlheader = '<?xml version="1.0" encoding="UTF-8"?>\
    \n<kml xmlns="http://www.opengis.net/kml/2.2">\n<Document>\n'
    kmlfooter = '</Document>\n</kml>\n'


    kmldoc=kmlheader+plotIPs(iplistwithnullsremoved)+kmlfooter

    f = open('plot.kml', 'w')
    f.write(kmldoc)
    f.close()


if __name__ == "__main__":

    c=Client()
    gi = pygeoip.GeoIP('GeoIP.dat/GeoLiteCity.dat')

    #check for file and age, download if appropriate

    if os.path.isfile(csvfilename):
        filetimestamp = datetime.datetime.fromtimestamp(os.stat(csvfilename).st_mtime)
        delta = datetime.datetime.now() - filetimestamp

        if delta.days > 2:
            getupdatedlist()
    else:
        getupdatedlist()

    if os.path.isfile(csvfilename):
        malwarelist = readcsv(csvfilename)