[primalsecurity] 0x8 – Whois Automation
0w0 2019. 12. 31. 00:40
Perform whois lookups using a Python module.
cymruwhois module: https://pypi.org/project/cymruwhois/1.0/
```
(base) C:\Workspace\repeat>pip install cymruwhois==1.0
Collecting cymruwhois==1.0
  Downloading https://files.pythonhosted.org/packages/c8/f0/9d867c586f3eed476622affd82a9a0c14d63438293fcd58885fa80815571/cymruwhois-1.0.tar.gz
Building wheels for collected packages: cymruwhois
  Building wheel for cymruwhois (setup.py) ... done
  Stored in directory: C:\Users\hotsk\AppData\Local\pip\Cache\wheels\9d\f6\81\9b242ed9944360e261120bfbc6b81bef93ea2e93d1735020f2
Successfully built cymruwhois
Installing collected packages: cymruwhois
Successfully installed cymruwhois-1.0
(base) C:\Workspace\repeat>
```
Check the functions the module provides:
```python
>>> from cymruwhois import Client
>>> c = Client()
>>> dir(c)
['KEY_FMT', '__doc__', '__init__', '__module__', '_begin', '_connect', '_connected', '_disconnect', '_lookupmany_raw', '_readline', '_sendline', 'c', 'cache', 'disconnect', 'get_cached', 'host', 'lookup', 'lookupmany', 'lookupmany_dict', 'port', 'read_and_discard']
>>>
```
Look up a single IP with lookup:
```python
>>> google = c.lookup('8.8.8.8')
>>> google
<cymruwhois.record instance: 15169|8.8.8.8|8.8.8.0/24|US|GOOGLE - Google Inc.,US>
>>> type(google)
<type 'instance'>
>>>
```
Parse IP addresses out of an arbitrary file:
```
~$ tcpdump -ttttnnr t.cap tcp[13]=2 | awk '{print $6}' | awk -F "." '{print $1"."$2"."$3"."$4}' > ips.txt
reading from file t.cap, link-type LINUX_SLL (Linux cooked)
~$ python ip2net.py -r ips.txt
[+] Querying from: ips.txt
173.194.0.0/16 # - 173.194.8.102 (US) - GOOGLE - Google Inc.,US
~$
```
The ip2net.py script:
```python
#!/usr/bin/env python
import sys, os, optparse
from cymruwhois import Client


def look(iplist):
    c = Client()  # creates an instance of the Client class
    try:
        r = c.lookupmany_dict(iplist)  # leverages the lookupmany_dict() function to pass in a list of IPs
        for ip in iplist:  # iterates over the IPs in the list, using each as a key into the dictionary from lookupmany_dict()
            net = r[ip].prefix; owner = r[ip].owner; cc = r[ip].cc  # gets the networking information from the dictionary
            line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)  # formats the line to print cleanly
            print(line)
    except Exception as e:  # report the failure instead of silently swallowing it
        print('[-] Lookup failed: %s' % e)


def checkFile(ips):  # Checks to ensure the file can be read
    if not os.path.isfile(ips):
        print('[-] ' + ips + ' does not exist.')
        sys.exit(0)
    if not os.access(ips, os.R_OK):
        print('[-] ' + ips + ' access denied.')
        sys.exit(0)
    print('[+] Querying from: ' + ips)


def main():
    parser = optparse.OptionParser('%prog ' +
                                   '-r <file_with IPs> || -i <IP>')
    parser.add_option('-r', dest='ips', type='string',
                      help='specify target file with IPs')
    parser.add_option('-i', dest='ip', type='string',
                      help='specify a target IP address')
    (options, args) = parser.parse_args()
    ip = options.ip  # Assigns a -i <IP> to variable 'ip'
    ips = options.ips  # Assigns a -r <fileName> to variable 'ips'
    if (ips is None) and (ip is None):  # If proper arguments aren't given print the script usage
        print(parser.usage)
        sys.exit(0)
    if ips is not None:  # Execute if ips has a value
        checkFile(ips)  # Execute the function to check if the file can be read
        iplist = []  # create the iplist list object
        with open(ips, 'r') as f:  # Parse the file to create a list
            for line in f:
                line = line.strip()  # removes the newline char and surrounding whitespace
                if line:  # skip blank lines
                    iplist.append(line)
        look(iplist)  # pass the iplist list object to the look() function
    else:  # Executes lookup() for a single IP stored in variable 'ip'
        try:
            c = Client()
            r = c.lookup(ip)
            net = r.prefix; owner = r.owner; cc = r.cc
            line = '%-20s # - %15s (%s) - %s' % (net, ip, cc, owner)
            print(line)
        except Exception as e:  # report the failure instead of silently swallowing it
            print('[-] Lookup failed: %s' % e)


if __name__ == "__main__":
    main()
```
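An ips.txt produced by a tcpdump/awk pipeline like the one above usually contains duplicates, blank lines and internal addresses, so the following added example (not part of the original post or of cymruwhois) cleans the list before the bulk query and collapses the answers into one line per network. It assumes Python 3; `clean_ips`, `group_by_prefix`, `lookup_networks` and the `Rec` stand-in record are hypothetical names, and the sample data is constructed from the values shown on this page.

```python
import ipaddress
from collections import OrderedDict, namedtuple


def clean_ips(lines):
    """Unique, valid, publicly routable IPs from raw lines, in first-seen order."""
    seen = OrderedDict()
    for raw in lines:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # blank line, hostname, truncated address, ...
        if addr.is_global:  # drops RFC 1918, loopback, link-local, ...
            seen[str(addr)] = True
    return list(seen)


def group_by_prefix(ips, records):
    """Collapse per-IP records (objects with .prefix, .cc, .owner) into networks."""
    nets = OrderedDict()
    for ip in ips:
        rec = records.get(ip)
        if rec is None:
            continue  # the service returned nothing for this IP
        entry = nets.setdefault(rec.prefix, {'cc': rec.cc, 'owner': rec.owner, 'ips': []})
        entry['ips'].append(ip)
    return nets


def lookup_networks(lines):
    """Live path: one bulk query for the cleaned list (needs cymruwhois and network access)."""
    from cymruwhois import Client  # imported here so the helpers above run without the module
    ips = clean_ips(lines)
    return group_by_prefix(ips, Client().lookupmany_dict(ips))


# Constructed sample input; Rec is a stand-in for a cymruwhois record.
Rec = namedtuple('Rec', 'prefix cc owner')
SAMPLE_LINES = ['173.194.8.102\n', '173.194.8.102\n', '10.0.0.5\n', '\n', 'not-an-ip\n', '8.8.8.8\n']
SAMPLE_RECORDS = {
    '173.194.8.102': Rec('173.194.0.0/16', 'US', 'GOOGLE - Google Inc.,US'),
    '8.8.8.8': Rec('8.8.8.0/24', 'US', 'GOOGLE - Google Inc.,US'),
}

if __name__ == '__main__':
    nets = group_by_prefix(clean_ips(SAMPLE_LINES), SAMPLE_RECORDS)
    for net, info in nets.items():
        print('%-20s # - %d host(s) (%s) - %s' % (net, len(info['ips']), info['cc'], info['owner']))
```

Filtering on `is_global` also keeps internal addresses from the capture out of the query sent to the third-party whois service.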