Processes list of IPs and tries to figure out abuse email(s) for them.
Done as part of a research project for the Department of Information Technology of University of Turku
Work In Progress, but has been tested with 10000+ IPs and 3 proxies.
- Install dependencies below
- Set up proxy servers and add them to config.py
- See below
$ python3 whoisabuse.py
Usage:
add Add IPs from stdin
process Start processing IPs
process-failed Mark failed IPs to be reprocessed
dump Dump IPs with any results
dump-processed Dump IPs that have email results
$ echo 192.30.253.113 | python whoisabuse.py add
IPs added (1, 1) Bad IPs: 0
$ python whoisabuse.py process
Processing 192.30.253.113
Exhausted queryable IPs
Processing finished. Requests: 1 Replies: 0 instant, 1 by whoiser
$ python whoisabuse.py dump
192.30.253.113 [email protected]
pip install --upgrade ipwhois
pip install netaddrYou also need 3+ proxies to efficiently query the databases.
- Add timestamps!
- Optimize CPU usage and database queries
- Normalize email database
- Allow choosing maximum network size
- Improve error logging
- Improve proxying system
- Possibly many, work in progress