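def _rezo():
    """Return the HTML fragments that describe the caller's IP address.

    The list starts with a heading holding the address from ``_get_ip()``.
    For any address other than ``127.0.0.1`` / ``172.17.0.1`` that
    ``IPAddress(...).is_private()`` does not report as private, an RDAP
    lookup adds the network name, CIDR, handle, first link and the first
    postal address of the first entity.  The ``<p>SEDME<p>`` marker is
    appended last.

    Returns:
        list: HTML fragments (strings) in output order.
    """
    # Function-scope import: the module's import block is not visible here.
    from html import escape

    def _text(value):
        # RDAP fields are free text maintained by whoever registered the
        # network, so they are escaped before being placed in markup.  A
        # missing field becomes an empty string instead of None.
        return escape('' if value is None else str(value))

    _html = []
    _ip = _get_ip()
    _html.extend(['<center><h1 name=ip>', _text(_ip), '</h1><br>'])
    if _ip != '127.0.0.1' and _ip != '172.17.0.1':
        if not IPAddress(_ip).is_private():
            _ip_info = IPWhois(_ip).lookup_rdap(depth=1)
            _network = _ip_info.get('network') or {}
            _links = _network.get('links') or [None]
            _html.extend([
                _text(_network.get('name')), "<br>",
                _text(_network.get('cidr')), "<br>",
                _text(_network.get('handle')), "<br>",
                _text(_links[0]), "<br>"
            ])
            # Any level of entities -> objects -> contact -> address may be
            # absent in a registry answer; a gap yields an empty cell
            # instead of an unhandled exception.
            _entity = (_ip_info.get('entities') or [None])[0]
            _objects = _ip_info.get('objects') or {}
            _contact = (_objects.get(_entity) or {}).get('contact') or {}
            _addresses = _contact.get('address') or [{}]
            _html.append(_text(_addresses[0].get('value')))
    _html.extend(['<p>SEDME<p>'])
    return _html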
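def _rezo():
    """Return the HTML fragments that describe the requesting client's IP.

    The address is the first ``X-Forwarded-For`` entry when that parses as
    an IP address, otherwise ``request.remote_addr``.  For any address other
    than ``127.0.0.1`` that ``IPAddress(...).is_private()`` does not report
    as private, an RDAP lookup adds the network name, CIDR, handle, first
    link and the first postal address of the first entity.

    Returns:
        list: HTML fragments (strings) in output order.
    """
    # Function-scope imports: the module's import block is not visible here.
    import ipaddress
    from html import escape

    def _text(value):
        # Header values and RDAP fields are both written by third parties,
        # so they are escaped before being placed in markup.  A missing
        # field becomes an empty string instead of None.
        return escape('' if value is None else str(value))

    _html = []
    _ip = request.remote_addr
    _forwarded = request.headers.getlist("X-Forwarded-For")
    if _forwarded:
        # NOTE(review): X-Forwarded-For is only trustworthy when a reverse
        # proxy you control sets or overwrites it; otherwise the client
        # chooses the value shown here and the address that gets looked up.
        # One header value may carry a comma-separated chain; the first
        # entry is the one the original code intended to use.
        _candidate = _forwarded[0].split(",")[0].strip()
        try:
            ipaddress.ip_address(_candidate)
        except ValueError:
            # Malformed header: keep the socket peer address.
            pass
        else:
            _ip = _candidate
    _html.extend(["<center><h1 name=ip>", _text(_ip), "</h1><p><br>"])
    if _ip != "127.0.0.1":
        if not IPAddress(_ip).is_private():
            _ip_info = IPWhois(_ip).lookup_rdap(depth=1)
            _network = _ip_info.get('network') or {}
            _links = _network.get('links') or [None]
            _html.extend([
                _text(_network.get('name')), "<br>",
                _text(_network.get('cidr')), "<br>",
                _text(_network.get('handle')), "<br>",
                _text(_links[0]), "<br>"
            ])
            # Any level of entities -> objects -> contact -> address may be
            # absent in a registry answer; a gap yields an empty cell
            # instead of an unhandled exception.
            _entity = (_ip_info.get('entities') or [None])[0]
            _objects = _ip_info.get('objects') or {}
            _contact = (_objects.get(_entity) or {}).get('contact') or {}
            _addresses = _contact.get('address') or [{}]
            _html.append(_text(_addresses[0].get('value')))
    return _html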
def check_ip(ip):
    """Return the ``Ip`` row for *ip*, building it from WHOIS data if absent.

    An existing row is returned unchanged.  Otherwise a WHOIS lookup is run
    and a new ``Ip`` is added to the session; this function does not commit.

    :param ip: IP address used as the primary key of ``Ip``
    :return: the existing or newly added ``Ip`` instance
    """
    from app.models.models import Ip

    existing = db_session.session.query(Ip).get(ip)
    if existing:
        return existing

    # NOTE(review): ``lookup()`` looks like the legacy ipwhois entry point;
    # newer releases expose ``lookup_whois()`` - confirm the pinned version.
    whois = IPWhois(ip).lookup()
    provider = _get_provider(whois.get('asn'))
    # Only the first net of the answer is used; an answer without nets
    # raises here (IndexError / KeyError) and is not handled.
    first_net = whois['nets'][0]
    record = Ip(
        ip=ip,
        provider_id=provider,
        country_id=first_net['country'],
        description=first_net['description'],
    )
    db_session.session.add(record)
    return record
def get_ip_list(ip):
    """Return the WHOIS address range of *ip* split on ``-``.

    Only the first net of the WHOIS answer is read.  An empty list is
    returned when the lookup yields nothing, has no nets, or the first net
    has an empty range.

    :param ip: IP address to look up
    :return: list of the pieces of the range string
    """
    whois = IPWhois(ip).lookup_whois()
    nets = whois.get("nets", {}) if whois else None
    if not nets:
        return []

    range_text = nets[0]["range"]
    if not range_text:
        return []
    # The pieces are not stripped: a range written as "a - b" keeps the
    # spaces around each address, so callers should strip before parsing.
    return range_text.split("-")
def get_asn(ip_address):
    """
    Return the ASN reported for a globally routable IP address.

    :param ip_address: IP address as text (or any value accepted by
        ``ipaddress.ip_address``)
    :return: the ``asn`` field of the lookup result, or ``None`` when the
        value is not an IP address, the address is not global, or the lookup
        returns nothing
    """
    try:
        parsed = ipaddress.ip_address(ip_address)
        # Private, loopback and link-local addresses never reach the network
        # lookup.
        if parsed.is_global:
            result = IPWhois(parsed.compressed).ipasn.lookup()
            if result:
                return result.get("asn")
    except ValueError:
        # Raised by ip_address() for unparsable input; a ValueError from the
        # lookup itself is swallowed the same way.
        return None
    return None
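def get_registrant(cidr):
    """Return ``"<contact name> (<object handle>)"`` for the registrant of *cidr*.

    The network address of *cidr* is looked up over RDAP and the first
    object that has a contact and carries the ``registrant`` role is
    reported.

    :param cidr: network in ``address/prefix`` form
    :return: the formatted registrant, or ``""`` when the lookup fails or no
        object qualifies
    """
    ip = cidr.split("/")[0]
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")
        try:
            whois = IPWhois(ip).lookup_rdap()
        except Exception:
            # Best effort: every lookup failure (network, parsing, rate
            # limiting) is reported as "no registrant".  Callers cannot tell
            # "unknown" from "lookup failed".
            return ""

    # ``objects`` and ``roles`` may be present but set to None in an RDAP
    # answer; ``.get(key, default)`` does not cover that case, so fall back
    # explicitly instead of raising AttributeError / TypeError.
    for title, obj in (whois.get('objects') or {}).items():
        contact = obj.get('contact')
        if contact is None:
            continue
        if 'registrant' in (obj.get('roles') or []):
            # The name is registry free text; escape it before rendering.
            return f"{contact.get('name')} ({title})"
    return ""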
def get_whois_tags(ip_address):
    """
    Collect city and postal-address strings from the WHOIS record of
    `ip_address`.

    Args:
        ip_address (str): IP address passed to the WHOIS lookup.

    Returns:
        list: One :class:`.SourceString` (``source="Whois"``) per distinct
        city or address; empty when the lookup returns no nets.  The values
        pass through a ``set``, so their order is not defined.
    """
    nets = IPWhois(ip_address).lookup_whois().get("nets", None)
    if not nets:
        return []

    cities = []
    addresses = []
    for net in nets:
        city = net.get("city", None)
        if city:
            cities.append(city)

        address = net.get("address", None)
        if not address:
            continue

        # Drop the organisation name when the address block repeats it.
        description = net.get("description")
        if description:
            address = address.replace(description, "").strip()

        # Multi-line postal addresses are flattened to one line.
        if "\n" in address:
            address = ", ".join(address.splitlines())

        addresses.append(address)

    # WHOIS text is supplied by the registrant; consumers that render these
    # values should treat them as untrusted input.
    return [
        SourceString(value, source="Whois")
        for value in set(cities + addresses)
    ]
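def get_cidr_info(ip_address):
    """Return ``(cidr, description)`` for the network that holds *ip_address*.

    Addresses inside one of ``private_subnets`` are answered locally.
    Otherwise WHOIS is queried (with referrals first, then without) and the
    smallest CIDR listed in the answer is returned with its description.

    :param ip_address: IPv4 address as a dotted string
    :return: tuple ``(cidr, description)``; when WHOIS yields no nets the
        result is the enclosing /24 with the description
        ``"Whois failed to resolve."``
    """
    for subnet in private_subnets:
        if ip_address in subnet:
            return str(subnet), 'Non-Public Subnet'

    try:
        res = IPWhois(ip_address).lookup_whois(get_referral=True)
    except Exception:
        # Retry without following referrals before giving up.
        try:
            res = IPWhois(ip_address).lookup_whois()
        except Exception as e:
            display_error("Error trying to resolve whois: {}".format(e))
            res = {}

    if not res.get('nets', []):
        display_warning(
            "The networks didn't populate from whois. Defaulting to a /24.")
        # NOTE(review): this /24 is a guess, not registry data.  Neighbouring
        # addresses in it may belong to other organisations, so callers
        # should not treat the returned range as confirmed ownership.  The
        # string arithmetic also only works for dotted IPv4 input.
        return '{}.0/24'.format('.'.join(
            ip_address.split('.')[:3])), "Whois failed to resolve."

    cidr_data = []
    for net in res['nets']:
        for cd in net['cidr'].split(', '):
            # ``.size`` is used instead of ``len()`` because len() cannot
            # represent very large networks.
            cidr_data.append((
                IPNetwork(cd).size, cd,
                net['description'] if net['description'] else ""
            ))

    # Tuples of (int, str, str) always compare, so the smallest entry is
    # picked directly; the previous sort-failure path dropped into an
    # interactive debugger, which blocks unattended runs.
    smallest = min(cidr_data)
    return smallest[1], smallest[2]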
def _do(ip_, whois_ttl):
    """Return WHOIS data for ``ip``, cached in the ``whois_data`` registry.

    NOTE(review): the body reads ``ip``, not the ``ip_`` parameter; ``ip`` is
    presumably bound in an enclosing scope that is not visible here -
    confirm both always hold the same value.

    :param ip_: not read by this body (see note above)
    :param whois_ttl: cache lifetime in seconds for one registry entry
    :return: the WHOIS result dict, extended with ``is_<provider>`` flags;
        ``{}`` when ipwhois is unavailable or any step raises
    """
    data = {}
    if not HAS_IPWHOIS:
        return data
    try:
        wreg = __salt__[
            'mc_macros.get_local_registry'](
                'whois_data', registry_format='pack')
        # Drop the cached entry once it is older than the TTL.
        if ip in wreg:
            if time.time() >= wreg[ip]['t'] + whois_ttl:
                del wreg[ip]
        data = wreg.get(ip, {}).get('data', {})
        if not data:
            # NOTE(review): ``lookup()`` looks like the legacy ipwhois entry
            # point; newer releases expose ``lookup_whois()`` - confirm.
            data = IPWhois(ip).lookup()
            cdata = wreg.setdefault(ip, {})
            cdata.setdefault('t', time.time())
            cdata.setdefault('data', data)
        # Provider name -> substrings searched for in the WHOIS nets.
        search_data = {'ovh': ['ovh', 'sys'],
                       'phpnet': ['phpnet'],
                       'online': ['proxad', 'illiad', 'iliad']}
        # 'sys' shares the search terms of 'ovh'.
        search_data['sys'] = search_data['ovh']
        # The match is a plain substring test on lower-cased field text, so
        # a short term such as 'sys' also matches unrelated values that
        # merely contain it.  These fields are written by the network's
        # registrant; the resulting is_<provider> flags are a hint and
        # should not gate security decisions.
        for provider, search_terms in search_data.items():
            for i in search_terms:
                for j in data.get('nets', []):
                    for k, val in j.items():
                        if k in ['abuse_emails', 'description',
                                 'handle', 'name']:
                            if val and i in val.lower():
                                data['is_{0}'.format(provider)] = True
                                # Leaves only the innermost loop over the
                                # fields of this net.
                                break
        # ``data`` is the same dict object held in the registry entry, so
        # the flags set above are stored along with the WHOIS answer.
        __salt__['mc_macros.update_local_registry'](
            'whois_data', wreg, registry_format='pack')
    except Exception:
        # Any failure is logged with its traceback and reported as no data.
        log.error(traceback.format_exc())
        data = {}
    return data
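def main():
    """Resolve every domain in ``domains.txt`` and record what was found.

    For each domain the A records are resolved; for each address the script
    fetches IP WHOIS data, probes TCP ports 80 and 443 and reads the HTML
    title of the site.  One ``;``-separated row per address is written to
    ``Results.txt``; when a step fails the row ends with a ``KO-...`` marker
    and the remaining addresses of that domain are skipped.
    """
    # Upper bound in seconds for each HTTP request.  Without one, a server
    # that never answers stalls the whole run.
    http_timeout = 5

    def clean(value):
        # Titles and WHOIS descriptions are chosen by the remote party.  The
        # field separator and all line breaks are removed so that one value
        # cannot forge extra columns or rows in Results.txt.  A missing
        # value becomes an empty field.
        # NOTE(review): values are otherwise kept as-is; if the file is
        # opened in a spreadsheet, import the columns as text.
        text = "" if value is None else str(value)
        return " ".join(text.replace(";", ",").split())

    def write_row(out, *fields):
        # One result row: cleaned fields joined by ';'.
        out.write(";".join(clean(field) for field in fields) + "\n")

    def probe(address, port):
        # connect_ex() returns 0 when the TCP connection succeeds.  The
        # socket is always closed, so a long list does not leak descriptors.
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.settimeout(2)  # 2 second timeout
            return sock.connect_ex((address, port))
        finally:
            sock.close()

    with open("domains.txt", "r") as f_input:
        domains = [line.rstrip('\n').rstrip('\r') for line in f_input]
    print("\n" + "- A total of " + str(len(domains)) +
          " domains will be resolved to an IP" + "\n")

    nslookup = dns.resolver.Resolver()
    with open("Results.txt", "w") as f_output:
        for domain in domains:
            print("- Resolving domain: " + domain + "\n")
            print(" * Performing NS Lookup..." + "\n")
            try:
                # A record lookup: domain -> IP addresses
                nslookup_answer = nslookup.query(domain, "A")
            except Exception as e:
                print(str(e))
                print(" * ERROR. Domain can not be resolved! " + "\n")
                write_row(f_output, domain, "KO-Domain-not-resolved")
                # Move on to the next domain; one unresolvable name must not
                # end the whole run.
                continue

            for rdata in nslookup_answer:
                address = str(rdata.address)

                print(" * Getting IP WHOIS data from ARIN..." + "\n")
                try:
                    whois_results = IPWhois(address).lookup_whois(
                        get_asn_description=True)
                    # The organisation comes from the first net of the answer.
                    org_results = whois_results.get('nets')[0]
                except Exception as e:
                    print(str(e))
                    print(" * ERROR. WHOIS IP Data can not be retrieved! " +
                          "\n")
                    write_row(f_output, domain, address,
                              "KO-WHOIS-data-retrieval-failed")
                    break
                asn_description = whois_results.get('asn_description')
                org_description = org_results.get('description')

                print(" * Trying to connect on 80,443 ports..." + "\n")
                try:
                    port_http = probe(address, 80)
                    port_https = probe(address, 443)
                except Exception as e:
                    print(str(e))
                    print(" * ERROR. TCP Socket connection on 80,443 failed! "
                          + "\n")
                    write_row(f_output, domain, address, asn_description,
                              org_description,
                              "KO-Connection-attempt-on-80,443-ports-failed")
                    break

                # Port 80 takes precedence; 443 is used only when 80 is shut.
                if port_http == 0:
                    web_app = "HTTP is open on 80 port"
                    url_prefix = "http://"
                elif port_https == 0:
                    web_app = "HTTPS is open on 443 port"
                    url_prefix = "https://"
                else:
                    web_app = "No web app detected"
                    url_prefix = None

                print(" * Getting HTML Title page..." + "\n")
                # Defined up front so the result row below never reads an
                # unset or stale title when no web port is open.
                web_title = ""
                if url_prefix is not None:
                    try:
                        r = requests.get(url_prefix + domain,
                                         timeout=http_timeout)
                        html = bs4.BeautifulSoup(r.text)
                        web_title = html.title.text
                    except Exception as e:
                        print(str(e))
                        print(" * ERROR. No HTML Title page found!" + "\n")
                        # The marker text is kept unchanged for consumers of
                        # Results.txt although the failing step is the title
                        # fetch, not the port probe.
                        write_row(
                            f_output, domain, address, asn_description,
                            org_description, web_app,
                            "KO-Connection-attempt-on-80,443-ports-failed")
                        # The KO row is the result for this address.
                        continue

                print(" * Result: " + "; ".join(
                    clean(value) for value in (
                        address, asn_description, org_description, web_app,
                        web_title)) + "\n")
                print("\n")
                write_row(f_output, domain, address, asn_description,
                          org_description, web_app, web_title)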
def get_who_is(hostname):
    """
    Look up RDAP registration data for the address *hostname* resolves to.

    :param hostname: domain name or IP address
    :type hostname: str
    :return: selected ASN and network fields, or ``None`` when any step
        (name extraction, DNS resolution, RDAP lookup) raises
    :rtype: dict
    """
    try:
        domain = get_domain_name(hostname)
        info = IPWhois(socket.gethostbyname(domain)).lookup_rdap()
        network = info.get('network')

        def net_field(key):
            # Value of a network field, or None when there is no network.
            return network.get(key) if network else None

        events = net_field('events')
        notices = net_field('notices')
        if events and events[0].get('timestamp'):
            updated = events[0].get('timestamp')
        else:
            updated = None
        if notices and notices[0].get('description'):
            description = notices[0].get('description')
        else:
            description = None

        # NOTE(review): postal_code, address, city, state, created and range
        # look like legacy-WHOIS field names; confirm the RDAP network dict
        # provides them, otherwise these entries are always None.
        data = {
            'country_code': info.get('asn_country_code'),  # ASN country code
            'date': info.get('asn_date'),  # ASN allocation date
            'asncidr': info.get('asn_cidr'),  # CIDR announced by the ASN
            'asnr': info.get('asn_registry'),  # registry of the ASN
            'ip': info.get('query'),  # address that was looked up
            'asn': info.get('asn'),  # autonomous system number
            'updated': updated,  # timestamp of the first network event
            'handle': net_field('handle'),
            'description': description,  # text of the first network notice
            'postal_code': net_field('postal_code'),
            'address': net_field('address'),
            'city': net_field('city'),
            'name': net_field('name'),
            'created': net_field('created'),
            'country': net_field('country'),
            'state': net_field('state'),
            'ip_range': net_field('range'),
            'cidr': net_field('cidr'),
        }
    except Exception:
        # Every failure is reported as None; the cause is not logged.
        return None
    return data
def find_or_create(self, ip_str, only_tool=False, in_scope=False,
                   passive_scope=True, label=None, force_cidr=None,
                   **kwargs):
    """Find or create the CIDR record that contains ``ip_str``.

    Candidate networks come from, in order: the caller's ``force_cidr`` and
    ``label`` pair, ``private_subnets``, CIDRs already stored, and finally a
    WHOIS lookup.  The chosen CIDR is handed to the parent class's
    ``find_or_create``; a newly created record gets the first line of the
    description as ``org_name``.

    ``in_scope``, ``passive_scope`` and ``**kwargs`` are accepted but not
    read in this body.

    NOTE(review): the statement nesting shown here is a best reading of the
    source; as laid out, nothing is returned when no candidate contains
    ``ip_str`` - confirm against the repository.

    :param ip_str: IP address as text
    :param only_tool: passed through to the parent ``find_or_create``
    :param label: organisation name used together with ``force_cidr``
    :param force_cidr: CIDR used without a lookup when ``label`` is also set
    :return: ``(created, cidr)`` as returned by the parent class
    """
    res = False
    if label and force_cidr:
        res = ([force_cidr, label], )
    # Neither loop stops at the first hit, so a later match replaces an
    # earlier one, and a stored CIDR overrides both previous sources.
    for cidr in private_subnets:
        if IPAddress(ip_str) in cidr:
            res = ([str(cidr), "Non-Public Subnet"], )
    for cidr in CIDRRepository(self.db, "").all():
        if IPAddress(ip_str) in IPNetwork(cidr.cidr):
            res = ([str(cidr.cidr), cidr.org_name], )
            display("Subnet already in database, not rechecking whois.")
    if res:
        cidr_data = res
    else:
        # Both branches at the end of the loop body break, so this loop runs
        # exactly once.
        while True:
            try:
                res = IPWhois(ip_str).lookup_whois(get_referral=True)
            except Exception:
                # Retry without following referrals before giving up.
                try:
                    res = IPWhois(ip_str).lookup_whois()
                except Exception as e:
                    display_error(
                        "Error trying to resolve whois: {}".format(e))
                    res = {}
            if res.get('nets', []):
                break
            else:
                display_warning(
                    "The networks didn't populate from whois. Defaulting to a /24."
                )
                # NOTE(review): this /24 is a guess, not registry data, yet
                # it is stored below like a looked-up CIDR.  Neighbouring
                # addresses in it may belong to other organisations; review
                # such records (org name "Whois failed to resolve.") before
                # relying on them.  The string arithmetic only works for
                # dotted IPv4 input.
                res = {
                    'nets': [{
                        'cidr':
                        '{}.0/24'.format('.'.join(ip_str.split('.')[:3])),
                        'description':
                        'Whois failed to resolve.'
                    }]
                }
                break
        # One WHOIS net may list several comma-separated CIDRs.
        cidr_data = []
        for n in res["nets"]:
            if "," in n["cidr"]:
                for cidr_str in n["cidr"].split(", "):
                    cidr_data.append([cidr_str, n["description"]])
            else:
                cidr_data.append([n["cidr"], n["description"]])
        # Keep only the networks that really contain the address.
        cidr_data = [
            cidr_d for cidr_d in cidr_data
            if IPAddress(ip_str) in IPNetwork(cidr_d[0])
        ]
    if cidr_data:
        try:
            # NOTE(review): len() of a very large network (for example a
            # wide IPv6 block) can raise; ``IPNetwork(...).size`` looks like
            # the safer call - confirm.
            cidr_len = len(IPNetwork(cidr_data[0][0]))
        except Exception:
            # NOTE(review): an interactive debugger call blocks unattended
            # runs, and ``cidr_len`` stays unset afterwards.  Log and
            # re-raise instead.
            pdb.set_trace()
        matching_cidr = cidr_data[0]
        # NOTE(review): ``cidr_len`` is never updated in this loop, so the
        # result is the last candidate smaller than the first one, which is
        # not necessarily the smallest network.
        for c in cidr_data:
            if len(IPNetwork(c[0])) < cidr_len:
                matching_cidr = c
        display("Processing CIDR from whois: %s - %s" %
                (str(matching_cidr[1]).split('\n')[0], matching_cidr[0]))
        created, cidr = super(CIDRRepository,
                              self).find_or_create(only_tool,
                                                   cidr=matching_cidr[0])
        if created:
            display_new("CIDR %s added to database" % cidr.cidr)
            # Only the first line of the WHOIS description is stored.
            cidr.org_name = str(matching_cidr[1]).split('\n')[0]
            cidr.update()
        return created, cidr