My next class:
LINUX Incident Response and Threat Hunting | Online | US Eastern | Jan 29th - Feb 3rd 2025

Another little script I threw together

Published: 2008-07-02. Last Updated: 2008-07-02 21:14:43 UTC
by Jim Clausing (Version: 1)
2 comment(s)

For the day job, I sometimes need to gather info about an IP address that is being used to launch attacks. I normally query several different whois servers to find this info. Being the lazy individual that I am (and because I'm pretty comfortable in Perl), I wrote a little Perl script (using a couple of nice packages that others had put together previously, all of which can be found on CPAN) to grab all the info at once. The result is ip-as-geo.pl, which gives me the following info (separated by |'s): the IP, the CIDR block (or net range) it belongs to, the two-letter country code where it was allocated (understanding that the system itself may not be in that country), the country name spelled out (in case I can't remember what US stands for), the ASN the IP belongs to, the BGP prefix for that ASN, and who that ASN is registered to. If you find this useful, great. If you don't, please don't send me e-mail telling me it was stupid. If you have suggestions for improvements, please do send those.

 

---Jim

Keywords: perl whois info
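
An added example, not ip-as-geo.pl itself and not code from this diary: a Python consumer for the seven-field, pipe-separated record described above, which checks that the IP really falls inside the reported netblock and BGP prefix before the line goes into a case file. The field names, the `start - end` range syntax and the sample records (documentation address space and reserved ASNs) are assumptions constructed for illustration.

```python
import ipaddress

# Field order follows the diary's description; the key names are assumed.
FIELDS = ("ip", "netblock", "cc", "country", "asn", "bgp_prefix", "as_owner")

# Constructed sample records (documentation addresses, reserved ASNs).
SAMPLE = [
    "192.0.2.10|192.0.2.0/24|US|United States|64496|192.0.2.0/24|EXAMPLE-NET",
    "198.51.100.7|198.51.100.0 - 198.51.100.255|NL|Netherlands|64497|198.51.100.0/24|EXAMPLE-B",
    "203.0.113.5|192.0.2.0/24|US|United States|64498|203.0.113.0/24|EXAMPLE-C",
]

def parse_netblock(text):
    """Return the networks covered by a CIDR block or a 'start - end' range."""
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(text.strip(), strict=False)]

def parse_record(line):
    """Split one record and list its internal inconsistencies under 'problems'."""
    # maxsplit keeps a registrant name that itself contains '|' in one field.
    parts = [p.strip() for p in line.rstrip("\n").split("|", len(FIELDS) - 1)]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    ip = ipaddress.ip_address(rec["ip"])  # raises ValueError on a malformed IP
    problems = []
    for name in ("netblock", "bgp_prefix"):
        try:
            nets = parse_netblock(rec[name])
        except (ValueError, TypeError):  # empty field, bad syntax, v4/v6 mix
            problems.append(f"{name} unparseable")
            continue
        if not any(ip in net for net in nets):
            problems.append(f"{name} does not contain ip")
    if len(rec["cc"]) != 2 or not rec["cc"].isalpha():
        problems.append("cc is not a two-letter code")
    rec["problems"] = problems
    return rec

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_record(line)
        print(rec["ip"], rec["asn"], rec["problems"] or "consistent")
```

A record whose netblock and BGP prefix disagree about the IP usually means two whois answers were stitched together from different lookups, so it is worth re-querying before attributing the address.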

Comments

dependency ... hell... need ... coffee.. :-)
neat!
