def getfromip(ip): print("AS info for IP : " + ip) from cymruwhois import Client c = Client() r = c.lookup(ip) print(r.asn) print(r.owner)
def check_ns(domain="gouv.bj"): result = dns.resolver.resolve(domain, 'NS') ns_len = len(result) ns = [] for ipval in result: ns.append(ipval.to_text()) infos['INFO_NS'] = { 'list': ns, 'number': ns_len, } #Get localisation infos['INFO_NS']['ns_location'] = {} for name in ns: ip = socket.gethostbyname(name) response = requests.get('http://ip-api.com/json/'+ip) res = response.json() infos['INFO_NS']['ns_location'][name] = res['country']+", "+res['city'] # Check ASN if ns_len >= 2: asn = 0 for name in ns: ip = socket.gethostbyname(name) c = Client() r = c.lookup(ip) if asn == 0: asn = r.asn elif asn != r.asn: infos['INFO_NS']['same_asn'] = False else: asn = r.asn infos['INFO_NS']['same_asn'] = True
def main(): parser = optparse.OptionParser('%prog ' + \ '-r <ip_file> || -i <ip>') parser.add_option('-r', dest='ipfile', type='string',\ help='specify target file with ips') parser.add_option('-i', dest='ip', type='string',\ help='specify target with ip') (options, args) = parser.parse_args() ip = options.ip ipfile = options.ipfile if ip == None and ipfile == None: print parser.print_help() exit(1) if ip and ipfile : print parser.usage exit(1) if ipfile != None: ip_list = get_ips(ipfile) look(ip_list) else: c = Client() try: try: r = c.lookup(ip) except Exception as e:print e pt = r[ip].prefix + " ------> " + r[ip].ip + "\n" + \ r[ip].cc + "\t" + r[ip].owner print pt + "\n" + "-"*60 except Exception as e: print e
def main(): parser = optparse.OptionParser('%prog ' + \ '-r <file_with IPs> || -i <IP>') parser.add_option('-r', dest='ips', type='string', \ help='specify target file with IPs') parser.add_option('-i', dest='ip', type='string', \ help='specify a target IP address') (options, args) = parser.parse_args() ip = options.ip # Assigns a -i <IP> to variable 'ip' global ips; ips = options.ips # Assigns a -r <fileName> to variable 'ips' if (ips == None) and (ip == None): # If proper arguments aren't given print the script usage print parser.usage sys.exit(0) if ips != None: # Execute if ips has a value checkFile(ips) # Execute the function to check if the file can be read iplist = [] # create the ipslist list object for line in open(ips, 'r'): # Parse File to create a list iplist.append(line.strip('\n')) # Appends that line in the file to list and removes the new line char look(iplist) # pass the iplist list object to the look() function else: # Executes lookup() function for a single IP stored in variable 'ip' try: c = Client() r = c.lookup(ip) net = r.prefix; owner = r.owner; cc = r.cc line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner) print line except:pass
def look(iplist): time.sleep(2) # delays for 2 seconds c = Client() # creates an instance of the Client class try: # print 'here before != None' # print iplist # if ips != None: if iplist != None: print 'here after !=None' print iplist time.sleep(2) # r = c.lookupmany_dict('8.8.8.8') r = c.lookupmany_dict( iplist ) # leverages the lookupmany_dict() function to pass in a list of IPs for ip in iplist: # Iterates over the ips in the list to use a key value in the dictionary from lookupman_dict() time.sleep(2) # delays for 2 seconds print " ip here " + ip net = r[ip].prefix owner = r[ip].owner cc = r[ ip].cc # gets the networking information from the dictionary # print net line = '%-20s # - %15s (%s) - %s' % ( net, ip, cc, owner) # formats the line to print cleanly print line except: pass
def getfromhostname(hostname): print("AS info for hostname :" + hostname) ip = socket.gethostbyname(hostname) from cymruwhois import Client c = Client() r = c.lookup(ip) print(r.asn) print(r.owner)
def look(iplist): c=Client() # creates an instance of the Client class try: r = c.lookupmany_dict(iplist) # leverages the lookupmany_dict() function to pass in a list of IPs for ip in iplist: # Iterates over the ips in the list to use a key value in the returned dictionary from lookupman_dict() net = r[ip].prefix; owner = r[ip].owner; cc = r[ip].cc # gets the networking information from the dictionary line = '%-20s # - %15s (%s) - %s' % (ip,net,cc,owner) # formats the line to print cleanly print line except:pass
def getTraceRoute(jsonFile): import json import sys import pygeoip from AtlasUtils import * from cymruwhois import Client c=Client() inFile = jsonFile outFile = "tmpASPath.txt" my_file = open(outFile, "w") asnDict = open("asnDict.txt","w") with open(inFile) as data_file: data = json.load(data_file) ### use GeoIPASNum.dat if system is not connected to Internet. This is a offline database of ip-to-AS mapping gi = pygeoip.GeoIP('GeoIPASNum.dat') # if is_valid_ipv4(data[0]["from"]): gi = pygeoip.GeoIP('GeoIPASNum.dat') else : gi = pygeoip.GeoIP('GeoIPASNumv6.dat') for index in range(len(data)): tmpASPath = "" for cnt in range(len(data[index]["result"])): if data[index]["result"][cnt].has_key("error"): print data[index]["result"][cnt]["error"] else: for resultrttindex in range(len(data[index]["result"][cnt]["result"])): #print data[index]["result"][cnt]["result"][resultrttindex] from_val = "*" asn_val = False if data[index]["result"][cnt]["result"][resultrttindex].has_key("from"): from_val = data[index]["result"][cnt]["result"][resultrttindex]["from"] tmp = "None" r=c.lookup(from_val) asn_val = r.asn+"$"+r.owner print "%s :--> %s" % (from_val, asn_val) if isinstance(asn_val, str) and not 'NA' in asn_val: asnDict.write(asn_val+"\n") if isinstance(asn_val, str) and not 'NA' in asn_val: s = tmpASPath.split(" ") if not s[len(s)-2] == r.asn: tmpASPath = tmpASPath + r.asn + " " my_file.write(tmpASPath + "\n") my_file.close() asnDict.close()
def api(ip): c = Client() r = c.lookup(ip) print(r.asn) print(r.owner) asno = r.asn #as number asname = r.owner #as name res = jsonify(ASN=asno, AS=asname) return res
def use_ip_to_get_isp(ip): ''' This might be redundant on the previous ip lookup, but the owner output seems to have a might better consistenciy ''' c = Client() # should probably pull this out of here so not to create it each time r = c.lookup(ip) # print r.asn # print r.owner return {'isp_name': r.owner}
def tryWhoIs(ip_addr): try: c = Client() r = c.lookup(ip_addr) name = r.owner except: name = "unknown" return name
def get_isp(ip): ''' Gets the isp name for the ip Much faster than the ipwhois lookup, but there is no "organization" field. ip: an ip address parsed out of the log file. Returns: dict containing isp name for the ip ''' c = Client() # should probably pull this out of here so not to create it each time r = c.lookup(ip) return {'isp_name': r.owner}
def look(iplost): c=Client() # create instance of client class try: if ips != None: r = c.lookupmany_dict(iplist) # uses lookupmany_dict() function to pass in a list of IPs for ip in iplist: net = r[ip].prefix; owner = r[ip].owner; cc = r[ip].cc # gets network info from dict line = '%-20s # - %15s (%s) - %s' % (net,ip,cc,owner) # formats the line to print print line except:pass
def get_asn(ip): """use cymruwhois by default instead of pyasn input ip address as string, return ASN and AS owner""" if ip: c = Client() try: r = c.lookup(ip) return r.asn, r.owner except Exception as e: print("Error finding ASN for " + ip) return False, False
def look(iplist): c = Client() # creates an instance of the Client class try: if ips != None: r = c.lookupmany_dict(iplist) # leverages the lookupmany_dict() function to pass in a list of IPs for ip in iplist: # Iterates over the ips in the list to use a key value in the dictionary from lookupman_dict() net = r[ip].prefix; owner = r[ip].owner; cc = r[ip].cc # gets the networking information from the dictionary line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner) # formats the line to print cleanly print line except:pass
def net_lookup(ips): try: c=Client() ips = list(set(ips)) # uniq IPs r = c.lookupmany_dict(ips) for ip in ips: net = r[ip].prefix; owner = r[ip].owner; cc = r[ip].cc line = '%-20s # - %15s (%s) - %s' % (ip,net,cc,owner) print line except Exception as e: print e
def look(ip_list): c = Client() try: r = c.lookupmany_dict(ip_list) for ip in ip_list: pt = r[ip].prefix + " ------> " + r[ip].ip + "\n" + \ r[ip].cc + "\t" + r[ip].owner print pt + "\n" + "-"*60 except Exception as e: print e pass
def whoisrecord(ip): currenttime = time.time() ts = currenttime if ip in whois: ASN,ts = whois[ip] else: ts = 0 if ((currenttime - ts) > 36000): C = Client() ASN = C.lookup(ip) whois[ip] = (ASN,currenttime) return ASN
def whoisrecord(ip): currenttime = time.time() ts = currenttime if ip in whois: ASN, ts = whois[ip] else: ts = 0 if ((currenttime - ts) > 36000): C = Client() ASN = C.lookup(ip) whois[ip] = (ASN, currenttime) return ASN
def get_asn(ip): """ Gets asnum for ip using Cymru's API (https://pythonhosted.org/cymruwhois/api.html) Stores in cache for future use using the lru_cache decorator :param ip: :return: asnum info """ client = Client() result = client.lookup(ip) return result.asn
def net_lookup(ips): try: c = Client() ips = list(set(ips)) # uniq IPs r = c.lookupmany_dict(ips) for ip in ips: net = r[ip].prefix owner = r[ip].owner cc = r[ip].cc line = '%-20s # - %15s (%s) - %s' % (ip, net, cc, owner) print line except Exception as e: print e
def whoisrecord(ip): try: currenttime = time.time() ts = currenttime if ip in whois: ASN,ts = whois[ip] else: ts = 0 if ((currenttime - ts) > 36000): c = Client() ASN = c.lookup(ip) whois[ip] = (ASN,currenttime) return ASN except Exception as e: return e
def domain(fqdn, rid): # mongodb connect intel_db = MongoClient('127.0.0.1', 27017).intel collection = intel_db.collection print '####### cymru.ipv4 #######' if collection.find_one({ '$and': [{ "rid": str(rid) }, { "fqdn": str(fqdn) }, { "cc": { "$exists": True } }] }) != None: print '\t####### [cymru.domain] already registed [%s] #######' % str( fqdn) else: print '\t####### for new registration [%s] #######' % str(fqdn) # cymru whois lookup ip = socket.gethostbyname(fqdn) c = Client() r = c.lookup(ip) ele = collection.find_one( {'$and': [{ "fqdn": str(fqdn) }, { "rid": str(rid) }]}) if ele == None: # regist db result = { "fqdn": str(fqdn), "ip": str(ip), "owner": str(r.owner), "cc": str(r.cc), "rid": str(rid) } collection.insert_one(result) else: # add db ele["owner"] = str(r.owner) ele["cc"] = str(r.cc) collection.save(ele)
class Traceroute: def __init__(self): self.client = Client() def run(self) -> NoReturn: server = self.parse_args() ips = self.get_ip_list(server) print(tabulate([[ip, *self.get_ip_info(ip)] for ip in ips], headers=['IP', 'ASN', 'Owner', 'Country'], tablefmt='grid')) def get_ip_list(self, server: str) -> List[str]: ips = [] sub = subprocess.run(['traceroute', server], stdout=subprocess.PIPE) for line in sub.stdout.decode().split('\n')[1:]: ip = self.extract_ip(line) if ip: ips.append(ip) return ips def get_ip_info(self, ip: str) -> Tuple[int, str, str]: r = self.client.lookup(ip) return r.asn, r.owner, r.cc @staticmethod def extract_ip(line: str) -> Optional[str]: s = re.search(IP_PATTERN, line) return s.group(0) if s else None @staticmethod def parse_args() -> str: parser = argparse.ArgumentParser() parser.add_argument('server', type=str, help='Destination URL/IP') args = parser.parse_args() return args.server
def net_lookup(ips, results_file): try: c = Client() ips = list(set(ips)) # uniq IPs r = c.lookupmany_dict(ips) cidrs = [] for ip in ips: cidrs.append(r[ip].prefix) cidrs = list(set(cidrs)) # uniq CIDRs cidr_results = ", ".join(cidrs) print "[+] Found Results in CIDRs: " + cidr_results if results_file: results_file.write("[+] Found Results in CIDRs: " + cidr_results + "\n") except Exception as e: print e
def main(): parser = optparse.OptionParser('%prog ' + '-r <file_with IPs> || -i <IP>') parser.add_option('-r', dest='ips', type='string', help='specify target file with IPs') parser.add_option('-i', dest='ip', type='string', help='specify a target IP address') (options, args) = parser.parse_args() ip = options.ip # Assigns a -i <IP> to variable 'ip' global ips ips = options.ips # Assigns a -r <fileName> to variable 'ips' if (ips == None) and ( ip == None ): # If proper arguments aren't given print the script usage print parser.usage sys.exit(0) if ips != None: # Execute if ips has a value # print "ips is not empty here " + ips checkFile(ips) # Execute the function to check if the file can be read iplist = [] # create the ipslist list object for line in open(ips, 'r'): # Parse File to create a list # iplist.append(line.strip("'" + "\r\n" + "'")) iplist.append( line.strip("\r\n") ) # Appends that line in the file to list and removes the new line char # iplist.append(line.strip('n')) print "line not empty " + line print iplist look(iplist) # pass the iplist list object to the look() function elif ip != None: try: print "here ip not empty " + ip c = Client() r = c.lookup(ip) net = r.prefix owner = r.owner cc = r.cc print net line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner) print line except: pass
def build_ip_db(unique_ips): ''' Builds up a db of ip addresses that were in the server logs. unique_ips: set of ip's that were seen in the server logs Returns: the ip db with 'isp_name', 'latitude and 'longitude' ''' c = Client() ip_db = shelve.open(opj(data_dir, 'ip.db')) # NOTE again, this might get too big and blow everything up unique_ips = [ip for ip in unique_ips if ip not in ip_db] # if we have stuff in ip.db already from a previous run ips_fetching = 'Fetching info for this many IPs: {}'.format(len(unique_ips)) print ips_fetching logging.info(ips_fetching) for subset_of_unique_ips in split_list_into_chunks(unique_ips, 10000): # only do 10,000 ip's at a time for ip_addr, ip_info_dict in c.lookupmany_dict(subset_of_unique_ips).iteritems(): lat, lon = get_lat_and_long(ip_addr) # NOTE maybe take this out so the shelve doesn't ballon too big ip_db[ip_addr] = {'isp_name': ip_info_dict.owner, # 'organization': ??? -- would probably need to pull out from whois, but slow and messy 'latitude': lat, 'longitude': lon} return ip_db
def __init__(self, host, port, db=False, logging="_"): self._log = utility.logger("jetplane", logging) self._host = host self._port = port self._proxy_ip = None self._whois_handle = Client() self._criteria = None self._max_tours = 0 self._tours = 1 self._takeoff_time = None self._errors = 0 self._success = False self._trip_details = [] self._db = db self._kill_bit = False if self._db: self._mongodb_handle = mongodb("127.0.0.1", "27017", "jetplane", "hanger", "INFO") self._mdb = self._mongodb_handle.get_con()
def get_asn_mapping(ip_list): ''' Calls the cymru api service to get ASN from a given IP and checks if its from Bell :param ip_list: A list of ips to get asn information from :type ip_list: list of str :return mapping: Returns a dictionary with key value pairs of (ip:asn_info) :rtype mapping: dict ''' mapping = {} client = Client() try: # If the length of the list is 1, do a solo api call if len(ip_list) == 1: # Incase the api call returns special characters, catch error and set none try: result = client.lookup(ip_list[0]) is_bell = result.asn in CONFIG['bell_asn'].keys() mapping.update( {ip_list[0]: { 'asn': result.asn, 'is_bell': is_bell }}) return mapping except UnicodeDecodeError: mapping.update({ip_list[0]: {'asn': None, 'is_bell': None}}) return mapping for idx, result in enumerate(client.lookupmany(ip_list)): is_bell = result.asn in CONFIG['bell_asn'].keys() mapping.update( {ip_list[idx]: { 'asn': result.asn, 'is_bell': is_bell }}) return mapping except UnicodeDecodeError: # Split list and recall function to find invalid api call and rejoin mapping_a = get_asn_mapping(ip_list[:len(ip_list) // 2]) mapping_b = get_asn_mapping(ip_list[len(ip_list) // 2:]) mapping_c = mapping_a.copy() mapping_c.update(mapping_b) return mapping_c
def main(): global numcnt numcnt = 0 numcnt = int(numcnt) parser = optparse.OptionParser('%prog ' + '-r <file_with IPs> || -i <IP>') parser.add_option('-r', dest='ips', type='string', help='specify target file with IPs') parser.add_option('-i', dest='ip', type='string', help='specify a target IP address') (options, args) = parser.parse_args() ip = options.ip # Assigns a -i <IP> to variable 'ip' global ips ips = options.ips # Assigns a -r <fileName> to variable 'ips' # checkFile(ips) if ip != None: try: c = Client() r = c.lookup(ip) net = r.prefix owner = r.owner cc = r.cc line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner) print line return except: pass if ips != None: try: checkFile(ips) iplist = [] for line in open(ips, 'r'): cnt += 1 iplist.append(line.strip("\r\n")) look(iplist, cnt) except: pass
def add(): print(request.form['textareaInput']) fstring=request.form['textareaInput'] originalstring=request.form['textareaInput'] ip = re.findall( r'[0-9]+(?:\.[0-9]+){3}', fstring ) # extracting the IP addresses lst=[] c = Client() for index,item in enumerate(ip): r = c.lookup(ip[index]) #print(r.asn) if r.asn != 'NA': print(r.asn, index, ip[index], r.owner) lst.append([index,ip[index],r.asn,r.owner,r.cc]) #1 -index, 2-ip, 3-Asnumber, 4-Asname, 5-Location #print(lst) for i in lst: #print(i[1])#printing ips fstring = fstring.replace(i[1],'<a class="toolTipInfo" data-toggle="tooltip" title="AS number: '+i[2]+'
AS name: '+i[3]+'
Location: '+i[4]+'">'+i[1]+'</a>') fstring = fstring.replace('\n','<br>') #format to html uuid.uuid4() struuid = str(uuid.uuid4()) uniqueid = uuid.uuid4().hex con = sqlite3.connect(DATABASE) cur = con.cursor() cur.execute("INSERT INTO pastes (paste, pasteparsed, routeid) VALUES (?,?,?)",(originalstring,fstring,uniqueid) ) con.commit() cur.execute("select * from pastes") users = cur.fetchall(); print(users) con.close() return redirect("/paste/"+uniqueid)
def getAsForDomains(domain): ips = [] # get all ips for ip in domain['ipaddr']: theip = ip['ipaddr'] ips.append(theip) # lookup all ips c=Client() resp = c.lookupmany(ips) # find original ip again for r in resp: for ip in domain['ipaddr']: if ip['ipaddr'] == r.ip: ip['ipaddr'] = r.ip ip['cc'] = r.cc ip['asn'] = r.asn ip['asnowner'] = r.owner print " AS: " + r.asn + " / " + r.owner
class Lookup(object): asndb = None def __init__(self, pyasn_file=None): if pyasn_file: self.asndb = pyasn(pyasn_file) self.whois = Client() def lookup(self, ip): if self.asndb: asn = self.asndb.lookup(ip)[0] if asn: return str(asn) else: return self.whois.lookup(ip).asn
def get_aspath(sagan_results, pyasn_file=None): '''sort throught traceroute results. it converts the ip address of each hop in the traceroute to create and as hop path. if pyasn_file is passed us that as the ipasn DB file. otherwise use tc whois''' if pyasn_file: asndb = pyasn(pyasn_file) def _lookup(ip): asn = asndb.lookup(ip)[0] if asn: return str(asn) else: whois = Client() def _lookup(ip): return whois.lookup(ip).asn asn_paths = [] for result in sagan_results: if result.is_error: logging.error('{}: {}'.format(result, result.error_message)) continue asn_path = [] logging.debug('Checking: {}'.format(result.source_address)) msm_asn = _lookup(result.source_address) if msm_asn: logging.debug('Adding: {}'.format(msm_asn)) asn_path.append(msm_asn) for hop in result.hops: for packet in hop.packets: if packet.origin: logging.debug('Checking: {}'.format(packet.origin)) asn = _lookup(packet.origin) if asn and asn != asn[-1]: logging.debug('Adding: {}'.format(asn)) asn_path.append(asn) break logging.info('Found path: {}'.format(asn_path)) asn_paths.append(asn_path) return asn_paths
#!/usr/bin/python from cymruwhois import Client import sys #log file location hard coded, change to suit environment logfile = open('/var/log/honeypot/honeyd.log','r') source = [] for line in logfile: source.append(line.split(' ')[3]) src_country = [] src_count = [] c = Client() results = c.lookupmany_dict( set(source) ) for res in results: country = results[res].cc try: pos = src_country.index( country ) src_count[pos] += 1 except: src_country.append( country ) src_count.append( 1 ) for i in range( 0, ( len( src_country ) - 1 ) ): sys.stdout.write( "%s:\t%i\n" %( src_country[i], src_count[i] ) )
web_user = None web_pass = None proxy_user = None proxy_pass = None delay = 0 name_lookup = False salt = False backup_salt = False urlencode = False shut_up = False web_lookup = False email_lookup = False google_dict_search = False google_query_dict = False whois = False whois_client = WhoisClient() web_client = httplib2.Http() ###[ Subroutines def usage(): """ Guess what ;) """ print "Chaosmap " + version print "Coded by Bastian Ballmann" print "http://www.datenterrorist.de\n" print "Usage: " + sys.argv[0] + """ -b <base_url> -B(ackup salt)
# SOFTWARE. # Tip jars! # Bitcoin Cash (BCH) qpz32c4lg7x7lnk9jg6qg7s4uavdce89myax5v5nuk # Ether (ETH) - 0x843d3DEC2A4705BD4f45F674F641cE2D0022c9FB # Litecoin (LTC) - Lfk5y4F7KZa9oRxpazETwjQnHszEPvqPvu # Bitcoin (BTC) - 34L8qWiQyKr8k4TnHDacfjbaSqQASbBtTd #Created by https://github.com/tg12 import requests import re import tabulate from fake_useragent import UserAgent from cymruwhois import Client c = Client() ua = UserAgent() headers = { 'User-Agent': ua.random, } ips_to_check = [] ip_data = [] lists_to_agg = [ "https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/091/590/original/ip_filter.blf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20200503%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200503T173407Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=10feb0d139742092e98186a296d30ada45ee9081777ab8197d0c5daf0308384b", "http://talosintel.com/feeds/ip-filter.blf", "https://reputation.alienvault.com/reputation.generic", "https://www.matthewroberts.io/api/threatlist/latest", "https://threatintel.stdominics.sa.edu.au/", "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt",
def __init__(self): self.client = Client()
def asn_lookup(asn): cymru_client = Client() req = cymru_client.lookup("AS" + asn) cc_data = req.cc return cc_data
class jetplane: def __init__(self, host, port, db=False, logging="_"): self._log = utility.logger("jetplane", logging) self._host = host self._port = port self._proxy_ip = None self._whois_handle = Client() self._criteria = None self._max_tours = 0 self._tours = 1 self._takeoff_time = None self._errors = 0 self._success = False self._trip_details = [] self._db = db self._kill_bit = False if self._db: self._mongodb_handle = mongodb("127.0.0.1", "27017", "jetplane", "hanger", "INFO") self._mdb = self._mongodb_handle.get_con() def take_off(self, criteria, tours): self._takeoff_time = time.time() self._max_tours = tours + 1 self._criteria = criteria.lower() self._log.info("Trip details: max tours - %d, local - %s" % (self._max_tours, self._criteria)) r = self._world_tour() return r def _world_tour(self): self._log.info("Baggage check number %d" % self._tours) time.sleep(3) # naptime self._log.info("Tickets purchased to %s" % self._criteria) self._flush_addr() # kill off any address we had before self._log.info("Safety and pre-flight checks") time.sleep(7) # accept 3 errors before ditching for i in range(0, 2): prox_run = self._proxy_check() # see what TOR gave us if prox_run: break else: if i == 1: return False for i in range(0, 2): who_run = self._whoami() # pull out the decision if who_run: break else: if i == 1: return False self._decide() # did we land in the right area return True def _flush_addr(self): self._log.info("Boarding the plane") sout = Popen(["/etc/init.d/tor", "restart"], stdout=PIPE, stderr=STDOUT).communicate()[0] def _proxy_check(self): self._headers = { "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0", "Connection": "Keep-Alive", } self._proxies = {"http": self._host + ":" + self._port} self._urls = [ "http://whatismyipaddress.com/", "http://www.whatsmyip.us/", "http://www.ipchicken.com/", "http://www.whatsmyip.info/", "http://www.whatsmyip.in/", "http://www.whatsmyip.cc/", "http://ipswift.com", ] self._url = self._urls[random.randint(0, len(self._urls) - 1)] self._log.info("Fetching address data from %s" % self._url) response = requests.get(self._url, proxies=self._proxies) if response.status_code == 200: try: self._proxy_ip = re.search( r"((2[0-5]|1[0-9]|[0-9])?[0-9]\.){3}((2[0-5]|1[0-9]|[0-9])?[0-9])", response.content ).group() self._log.info("Query returned %s" % self._proxy_ip) return True except: self._log.error("Failed to find IP address using %s" % self._url) self._errors += 1 return False else: self._proxy_ip = "127.0.0.1" self._log.error("Query failed, flushing again") self._errors += 1 return False def _whoami(self): try: self._whois_data = self._whois_handle.lookup(self._proxy_ip) self._addr_owner = self._whois_data.owner self._addr_asn = self._whois_data.asn self._addr_prefix = self._whois_data.prefix self._addr_cc = self._whois_data.cc return True except Exception, e: self._log.error("Failed to gather WHOIS for %s" % self._proxy_ip) self._log.info(str(e)) self._errors += 1 return False
def __init__(self, pyasn_file=None): if pyasn_file: self.asndb = pyasn(pyasn_file) self.whois = Client()
def process_pcaps(pcap_file): aggr_dict = {} ROWS = 256 COLUMNS = 256 sport_grid = [] for row in range(ROWS): sport_grid.append([]) for column in range(COLUMNS): sport_grid[row].append(0) dport_grid = [] for row in range(ROWS): dport_grid.append([]) for column in range(COLUMNS): dport_grid[row].append(0) print("Reading pcap file " + pcap_file + "...") sys.stdout.flush() proto_dict = {17: 'UDP', 6: 'TCP'} ip_dports = {} packet_count = 0 start_time = None end_time = None with PcapReader(pcap_file) as packets: for packet in packets: try: if (IP in packet) and (packet.proto in proto_dict.keys()): if packet_count == 0: start_time = packet.time else: end_time = packet.time packet_count += 1 proto_name = proto_dict[packet.proto] l3 = packet['IP'] l4 = packet[proto_name] if (l3.src != '0.0.0.0' and l3.src != '255.255.255.255' and l3.dst != '0.0.0.0' and l3.dst != '255.255.255.255'): if l3.src not in aggr_dict: aggr_dict[l3.src] = {} if l3.dst not in aggr_dict[l3.src]: aggr_dict[l3.src][l3.dst] = 0 aggr_dict[l3.src][l3.dst] += len(packet.payload) # get ports if l3.src not in ip_dports: ip_dports[l3.src] = [] ip_dports[l3.src].append(l4.dport) except: # packet failed to parse, skipping pass print("done") ROWS = 289 COLUMNS = 289 private_grid = [] for row in range(ROWS): private_grid.append([]) for column in range(COLUMNS): private_grid[row].append([0, 0]) private_map = populate_1918_space() ROWS = 256 COLUMNS = 256 asn_dict = {} c = Client() for host in aggr_dict: if len(aggr_dict[host]) > 1: # get sent bytes print("host: {0}".format(host)) with open('www/static/img/maps/manifest.txt', 'a+') as f: f.write(pcap_file.split("/")[-1] + ": " + host + "\n") for port in ip_dports[host]: dport_grid[int(port / ROWS)][port % ROWS] = 1 for peer in aggr_dict[host]: try: r = c.lookup(peer) if not r.asn: if not r.cc: # RFC 1918, etc. #print "peer:", peer, "bytes out :", aggr_dict[host][peer] priv_arr = private_map[".".join( peer.split(".")[:-1])] private_grid[priv_arr[0]][ priv_arr[1]][1] += aggr_dict[host][peer] else: print( "found public IP without an ASN: {0} bytes out: {1}" .format(peer, aggr_dict[host][peer])) else: # public ip space if r.asn in asn_dict: asn_dict[ r.asn]['bytes_out'] += aggr_dict[host][peer] else: asn_dict[r.asn] = { 'owner': r.owner, 'bytes_out': aggr_dict[host][peer], 'bytes_in': 0 } except Exception as e: print("{0} FAILED TO LOOKUP ASN".format(peer)) print(str(sys.exc_info()[0]) + str(e)) else: if host in ip_dports: for port in ip_dports[host]: sport_grid[int(port / ROWS)][port % ROWS] = 2 # get received bytes dst = None # there is only one to loop through for d in aggr_dict[host]: dst = d try: r = c.lookup(host) if not r.asn: if not r.cc: # RFC 1918, etc. #print "peer:", host, "bytes in:", aggr_dict[host][dst] priv_arr = private_map[".".join(host.split(".")[:-1])] private_grid[priv_arr[0]][ priv_arr[1]][0] += aggr_dict[host][dst] else: print( "found public IP without an ASN: {0} bytes out: {1}" .format(host, aggr_dict[host][dst])) else: # public ip space if r.asn in asn_dict: asn_dict[r.asn]['bytes_in'] += aggr_dict[host][dst] else: asn_dict[r.asn] = { 'owner': r.owner, 'bytes_in': aggr_dict[host][dst], 'bytes_out': 0 } except Exception as e: print("{0} FAILED TO LOOKUP ASN".format(host)) print(str(sys.exc_info()[0]) + str(e)) asn_grid = [] for row in range(ROWS): asn_grid.append([]) for column in range(COLUMNS): asn_grid[row].append([0, 0]) for asn in asn_dict: try: asn_num = int(asn) if asn_num < 65536: asn_grid[int(asn_num / ROWS)][asn_num % ROWS] = [ asn_dict[asn]['bytes_in'], asn_dict[asn]['bytes_out'] ] else: print( "ALERT!!!! high external asn: {0} asn owner: {1} total bytes sent: {2} total bytes received: {3}" .format(asn, asn_dict[asn]['owner'], asn_dict[asn]['bytes_out'], asn_dict[asn]['bytes_in'])) except Exception as e: print(str(e)) return asn_grid, private_grid, sport_grid, dport_grid, packet_count, humanize.naturaldelta( datetime.utcfromtimestamp(end_time) - datetime.utcfromtimestamp(start_time))
ip_file.close() ip_cnt = int(len(ip_lines)) ## Running print("\n[ API Server - whois.cymru.com / whois.kisa.or.kr ]") print( "-----------------------------------------------------------------------------------" ) print("[*]\t[Search IP]\t[Cymru/KISA]\t[AS Name]") print( "-----------------------------------------------------------------------------------" ) for line in ip_lines: ip = socket.gethostbyname(line) c = Client() r = c.lookup(ip) a = r.owner f = re.findall("[A-Z]{2}", a) c = len(f) url = "http://whois.kisa.or.kr/openapi/whois.jsp?query=" + line + "&key=2018052409355407130895&answer=json" res = requests.get(url, verify=False) dict = json.loads(res.text) if f[c - 1] == "KR": kr_chk = "Korea" ''' whois = open(save_file, "a",encoding="utf-8") whois.writelines("[Korea]\n") whois.close()
## Doesn't work from cymruwhois import Client c=Client() print 'enter filename' filename = raw_input() txt = open(filename) print f = open("output/list2asn.txt",'w') for ip in txt: s = str((c.lookup(ip))) + '\n' f.write(s)
ip = raw_input() from cymruwhois import Client c=Client() r=c.lookup(ip) print r
class jetplane: def __init__(self, host, port, db=False, logging="_"): self._log = utility.logger("jetplane", logging) self._host = host self._port = port self._proxy_ip = None self._whois_handle = Client() self._criteria = None self._max_tours = 0 self._tours = 1 self._takeoff_time = None self._errors = 0 self._success = False self._trip_details = [] self._db = db self._kill_bit = False if self._db: self._mongodb_handle = mongodb("127.0.0.1", "27017", "jetplane", "hanger", "INFO") self._mdb = self._mongodb_handle.get_con() def take_off(self, criteria, tours): self._takeoff_time = time.time() self._max_tours = tours + 1 self._criteria = criteria.lower() self._log.info("Trip details: max tours - %d, local - %s" % (self._max_tours, self._criteria)) r = self._world_tour() return r def _world_tour(self): self._log.info("Baggage check number %d" % self._tours) time.sleep(3) #naptime self._log.info("Tickets purchased to %s" % self._criteria) self._flush_addr() #kill off any address we had before self._log.info("Safety and pre-flight checks") time.sleep(7) #accept 3 errors before ditching for i in range(0, 2): prox_run = self._proxy_check() #see what TOR gave us if prox_run: break else: if i == 1: return False for i in range(0, 2): who_run = self._whoami() #pull out the decision if who_run: break else: if i == 1: return False self._decide() #did we land in the right area return True def _flush_addr(self): self._log.info("Boarding the plane") sout = Popen(['/etc/init.d/tor', 'restart'], stdout=PIPE, stderr=STDOUT).communicate()[0] def _proxy_check(self): self._headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0', 'Connection': 'Keep-Alive' } self._proxies = {"http": self._host + ":" + self._port} self._urls = [ 'http://whatismyipaddress.com/', 'http://www.whatsmyip.us/', 'http://www.ipchicken.com/', 'http://www.whatsmyip.info/', 'http://www.whatsmyip.in/', 'http://www.whatsmyip.cc/', 'http://ipswift.com' ] self._url = self._urls[random.randint(0, len(self._urls) - 1)] self._log.info("Fetching address data from %s" % self._url) response = requests.get(self._url, proxies=self._proxies) if response.status_code == 200: try: self._proxy_ip = re.search( r'((2[0-5]|1[0-9]|[0-9])?[0-9]\.){3}((2[0-5]|1[0-9]|[0-9])?[0-9])', response.content).group() self._log.info("Query returned %s" % self._proxy_ip) return True except: self._log.error("Failed to find IP address using %s" % self._url) self._errors += 1 return False else: self._proxy_ip = "127.0.0.1" self._log.error("Query failed, flushing again") self._errors += 1 return False def _whoami(self): try: self._whois_data = self._whois_handle.lookup(self._proxy_ip) self._addr_owner = self._whois_data.owner self._addr_asn = self._whois_data.asn self._addr_prefix = self._whois_data.prefix self._addr_cc = self._whois_data.cc return True except Exception, e: self._log.error("Failed to gather WHOIS for %s" % self._proxy_ip) self._log.info(str(e)) self._errors += 1 return False
import socket from cymruwhois import Client ip = '100.10.1.63' ip_2 = '102.164.120.10' ip_3 = '102.80.10.106' ip_4 = '102.80.101.132' c = Client() #instead of puting lookup(ip) in the loop and get weird results, instead use lookupmany(ips) to return the results for r in c.lookupmany([ip, ip_2, ip_3, ip_4]): print r.owner #using cymruwhois to convert ips to asn and country code on the commandline #cymruwhois /home/Marting/Videos/work/ips.txt -f asn,cc > /home/Marting/Videos/work/cyrmu_output.txt
kmlheader = '<?xml version="1.0" encoding="UTF-8"?>\ \n<kml xmlns="http://www.opengis.net/kml/2.2">\n<Document>\n' kmlfooter = '</Document>\n</kml>\n' kmldoc=kmlheader+plotIPs(iplistwithnullsremoved)+kmlfooter f = open('plot.kml', 'w') f.write(kmldoc) f.close() if __name__ == "__main__": c=Client() gi = pygeoip.GeoIP('GeoIP.dat/GeoLiteCity.dat') #check for file and age, download if appropriate if os.path.isfile(csvfilename): filetimestamp = datetime.datetime.fromtimestamp(os.stat(csvfilename).st_mtime) delta = datetime.datetime.now() - filetimestamp if delta.days > 2: getupdatedlist() else: getupdatedlist() if os.path.isfile(csvfilename): malwarelist = readcsv(csvfilename)