Python Whois class

After too long away from the project I have been trying to implement some additional functionality to my submissions2stats script for parsing Nepenthes log files. Something that I’ve had in mind for a while is utilising Whois data to better analyse the source of the malware submissions.

I had assumed that this would be relatively simple, after all the ability to port any required functionality is an integral part of geek humour. This wasn’t to be the case this time as I was unable to find anything this time around (although I didn’t discover giskismet until after I’d wrote my kistmet2gmapstatic scripts). To cover the functionality I have written a short python class that queries a 3rd party whois service for a provided IP address and provides metods to access the returned data.

The script can be accessed here. Hopefully others will find this of some use. Example output from the script’s .out() method targetting

Whois information for
Origin:           AS2818
Inetnum: –
Netname:      UK-BBC-991005
descr:              BBC
Country:        GB

N.B. Text is tab delimeted in actual usage

I’ve started adding the class’ functionality into my submissions2stats script. So far things are progressing well and hopefully I should be able to have an updated script available shortly.

Andrew Waite

Join the conversation

1 Comment

Leave a comment

Your email address will not be published. Required fields are marked *