At the outset of an external infrastructure test it’s often useful to ensure that the addresses you’re testing are correct, and actually owned by the client. Failure to do so can result in an awkward situation, and one we here at Portcullis Labs would like to avoid wherever possible. With this in mind, we’ve learned to whois… like a boss.
Key features
This handy little python 2 script does whois lookups on the IP addresses given in a file (one per line), and will give you the range and owner of each of the addresses (with duplicates removed) so you can spot anything that looks fishy before you start testing*.
Usage and example
IP address file:
8.8.8.8 8.8.8.9 4.4.2.2
And to run:
$ python2 whoislikeaboss.py ips 8.0.0.0 - 8.255.255.255 Level 3 Communications, Inc. 4.0.0.0 - 4.255.255.255 Level 3 Communications, Inc.
Simples!
*- Common sense not included.