At the outset of an external infrastructure test it’s often useful to ensure that the addresses you’re testing are correct, and actually owned by the client. Failure to do so can result in an awkward situation, and one we here at Portcullis Labs would like to avoid wherever possible. With this in mind, we’ve learned to whois… like a boss.
This handy little python 2 script does whois lookups on the IP addresses given in a file (one per line), and will give you the range and owner of each of the addresses (with duplicates removed) so you can spot anything that looks fishy before you start testing*.
Usage and example
IP address file:
184.108.40.206 220.127.116.11 18.104.22.168
And to run:
$ python2 whoislikeaboss.py ips 22.214.171.124 - 126.96.36.199 Level 3 Communications, Inc. 188.8.131.52 - 184.108.40.206 Level 3 Communications, Inc.
*- Common sense not included.
November 4, 2013
MD5 hash: c628b46d07ee1c65668687e6d11a09c9
|Date:||November 4, 2013|