Another little script I threw together
For the day job, I sometimes need to gather info about an IP address that is being used to launch attacks. I normally query several different whois servers to find this info. Being the lazy individual that I am (and because I'm pretty comfortable in Perl), I wrote a little Perl script (using a couple of nice packages that others had put together previously, all of which can be found on CPAN) to grab all the info at once. The result is ip-as-geo.pl, which gives me the following info (separated by |'s): the IP, the CIDR block (or net range) it belongs to, the two-letter country code where it was allocated (understanding that the system itself may not be in that country), the country name spelled out (in case I can't remember what US stands for), the ASN the IP belongs to, the BGP prefix for that ASN, and who that ASN is registered to. If you find this useful, great. If you don't, please don't send me e-mail telling me it was stupid. If you have suggestions for improvements, please do send those.
---Jim
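One way to consume the pipe-separated output described above when triaging many attack sources, as an added example that is not part of the original post or of ip-as-geo.pl: it parses records in the stated field order, checks each IP against its whois block and BGP prefix, and groups sources by ASN. The field names, the exact formatting of the block and ASN fields, and the sample lines (documentation addresses and ASNs) are assumptions constructed for illustration.

```python
import ipaddress

FIELDS = ("ip", "block", "cc", "country", "asn", "bgp_prefix", "as_owner")

# Constructed sample lines, not real tool output; field names above are hypothetical.
SAMPLE = """\
192.0.2.10|192.0.2.0/24|US|United States|64496|192.0.2.0/24|EXAMPLE-NET-A
192.0.2.77|192.0.2.0 - 192.0.2.255|US|United States|64496|192.0.2.0/24|EXAMPLE-NET-A
198.51.100.5|198.51.100.0/24|NL|Netherlands|64511|198.51.100.0/24|EXAMPLE-NET-B
203.0.113.9|203.0.113.0/24|JP|Japan
"""

def block_networks(block):
    """Turn 'a.b.c.d/n' or a 'start - end' net range into ip_network objects."""
    if "-" in block:
        first, last = (ipaddress.ip_address(p.strip()) for p in block.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(block.strip(), strict=False)]

def parse_line(line):
    """Parse one record; raise ValueError if it is malformed or inconsistent."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    ip = ipaddress.ip_address(rec["ip"])
    if not any(ip in net for net in block_networks(rec["block"])):
        raise ValueError(f"{ip} is outside its whois block {rec['block']}")
    if ip not in ipaddress.ip_network(rec["bgp_prefix"], strict=False):
        raise ValueError(f"{ip} is outside BGP prefix {rec['bgp_prefix']}")
    # Accept either '64496' or 'AS64496' (the tool's exact form is an assumption).
    rec["asn"] = int(rec["asn"].upper().replace("AS", ""))
    return rec

def group_by_asn(text):
    """Return ({asn: {owner, prefixes, ips}}, [(line_number, error), ...])."""
    groups, rejected = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            rec = parse_line(line)
        except ValueError as exc:
            rejected.append((n, str(exc)))
            continue
        g = groups.setdefault(rec["asn"], {"owner": rec["as_owner"], "prefixes": set(), "ips": []})
        g["prefixes"].add(rec["bgp_prefix"])
        g["ips"].append(rec["ip"])
    return groups, rejected

if __name__ == "__main__":
    print(group_by_asn(SAMPLE))
```

Rejected lines are returned rather than dropped silently, so a truncated whois answer shows up in the triage output instead of disappearing from the counts.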
Comments
Erik
Jul 3rd 2008
I like it
Jul 3rd 2008