Python Whois class

After too long away from the project I have been trying to implement some additional functionality to my submissions2stats script for parsing Nepenthes log files. Something that I’ve had in mind for a while is utilising Whois data to better analyse the source of the malware submissions.

I had assumed that this would be relatively simple, after all the ability to port any required functionality is an integral part of geek humour. This wasn’t to be the case this time as I was unable to find anything this time around (although I didn’t discover giskismet until after I’d written my kistmet2gmapstatic scripts). To cover the functionality I have written a short Python class that queries a 3rd party whois service for a provided IP address and provides methods to access the returned data.

The script can be accessed here. Hopefully others will find this of some use. Example output from the script’s .out() method targeting www.bcc.co.uk:

Whois information for 212.58.253.67
Origin:           AS2818
Inetnum:       212.58.224.0 – 212.58.255.255
Netname:      UK-BBC-991005
descr:              BBC
Country:        GB

N.B. Text is tab delimited in actual usage
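As an added illustration (not the script linked above), here is one way to turn a whois reply into the tab-delimited report shown, with a sanity check that the queried IP actually falls inside the returned inetnum range. It assumes an RPSL-style "key: value" reply; the class name WhoisRecord and the sample reply are constructed for this example, using the values from the output above.

```python
import ipaddress

# Constructed sample of an RPSL-style whois reply (values taken from the post's output).
SAMPLE_RESPONSE = """\
% constructed sample reply, not captured from a live server
inetnum:        212.58.224.0 - 212.58.255.255
netname:        UK-BBC-991005
descr:          BBC
country:        GB

route:          212.58.224.0/19
descr:          BBC
origin:         AS2818
"""

FIELDS = ("origin", "inetnum", "netname", "descr", "country")


class WhoisRecord:  # hypothetical name, not the class from the post
    def __init__(self, ip, raw):
        self.ip = ipaddress.ip_address(ip)
        self.attrs = {}
        for line in raw.splitlines():
            # Skip blanks, server comments (% or #) and lines without a key.
            if not line.strip() or line[0] in "%#" or ":" not in line:
                continue
            key, value = line.split(":", 1)
            # Keep the first value seen; later objects repeat keys such as descr.
            self.attrs.setdefault(key.strip().lower(), value.strip())

    def get(self, field):
        return self.attrs.get(field, "unknown")

    def covers_ip(self):
        """True if the queried IP lies inside the returned inetnum range."""
        try:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in self.attrs["inetnum"].split("-"))
            return first <= self.ip <= last
        except (KeyError, ValueError, TypeError):
            return False

    def out(self):
        """Tab-delimited report in the field order shown in the post."""
        rows = [f"Whois information for {self.ip}"]
        rows += [f"{name.capitalize()}:\t{self.get(name)}" for name in FIELDS]
        return "\n".join(rows)


if __name__ == "__main__":
    print(WhoisRecord("212.58.253.67", SAMPLE_RESPONSE).out())
```

When feeding results into log statistics, a record whose covers_ip() is False is worth flagging rather than counting, since the reply does not describe the address that was queried.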

I’ve started adding the class’ functionality into my submissions2stats script. So far things are progressing well and hopefully I should be able to have an updated script available shortly.

Andrew Waite

Categories: Python
