At the outset of an external infrastructure test it’s often useful to ensure that the addresses you’re testing are correct, and actually owned by the client. Failure to do so can result in an awkward situation, and one we here at Portcullis Labs would like to avoid wherever possible. With this in mind, we’ve learned to whois… like a boss.
This handy little python 2 script does whois lookups on the IP addresses given in a file (one per line), and will give you the range and owner of each of the addresses (with duplicates removed) so you can spot anything that looks fishy before you start testing*.
Usage and example
IP address file:
126.96.36.199 188.8.131.52 184.108.40.206
And to run:
$ python2 whoislikeaboss.py ips 220.127.116.11 - 18.104.22.168 Level 3 Communications, Inc. 22.214.171.124 - 126.96.36.199 Level 3 Communications, Inc.
*- Common sense not included.