Plugin based information gathering library
Python
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
docs
ninfo
tests
.gitignore
MANIFEST.in
README.md
example_ninfo.ini
meme.jpeg
setup.py

README.md

nInfo

nInfo is a library, CLI tool, and web interface (and lots of plugins) for gathering information on any of the following:

  • IP Address (v4 or v6)
  • CIDR Block (v4 or v6)
  • MAC Address
  • Hostname
  • Username
  • Hashes (as in md5/sha1 etc)

It consists of multiple plugin classes that implement a get_info function. The classes contain metadata for the type of arguments they accept, and if they are relevant for internal and or external hosts.

The CLI tool

Listing plugins

$ ninfo -l
Name                 Title                Description
cif                  CIF                  Collective Intelligence Framework
cymruwhois           Cymru Whois          Cymru Whois lookup
geoip                GeoIP                GeoIP
google_safebrowsing  Google Safe Browsing Google Safe Browsing check
....

Getting information

Silly example, run two plugins against two addreses:

$ ninfo -p geoip -p cymruwhois 8.8.8.8 4.2.2.2
=== 8.8.8.8 === 
*** Cymru Whois (Cymru Whois lookup) ***
15169 US 8.8.8.0/24 GOOGLE - Google Inc.

*** GeoIP (GeoIP) ***
US - United States

=== 4.2.2.2 === 
*** Cymru Whois (Cymru Whois lookup) ***
3356 US 4.0.0.0/9 LEVEL3 Level 3 Communications

*** GeoIP (GeoIP) ***
US - United States

The Library

>>> from ninfo import Ninfo
>>> n=Ninfo()
>>> n.get_info("cymruwhois", "8.8.8.8")
{'cc': 'US', 'ip': '8.8.8.8', 'prefix': '8.8.8.0/24', 'asn': '15169', 'owner': 'GOOGLE - Google Inc.'}
>>> print n.get_info_text("geoip", "8.8.8.8")
US - United States

The Web Interface

See https://github.com/justinazoff/ninfo_web or https://github.com/justinazoff/django-ninfo

Writing A plugin

Here's a plugin:

from ninfo import PluginBase

class fun_plugin(PluginBase):
    """This plugin returns something cool!"""

    name        =  'fun'
    title       =  'Fun Plugin'
    description =  'Happy Fun time'
    cache_timeout   =  60*2
    types   =    ['ip','hostname']

    #def setup(self):
    #    #libraries should be lazy imported in setup. This is only called once.
    #    import mybackendlibrary
    #    self.client = mybackendlibrary.Client()

    def get_info(self, arg):
        #should always return a dictionary, even for a single value
        #multiple values are the norm, and allow values to be added without breakage
        result = 'hello %s' % arg
        return { "result": result }

plugin_class = fun_plugin

If installed, this plugin can be run as follows:

>>> from ninfo import Ninfo
>>> p = Ninfo()
>>> print p.get_info('fun', 'justin.rules')
{'result': 'hello justin.rules'}

I had to include a '.' in the argument, because without it, ninfo will assume the argument is a 'user' and not an 'ip' or a 'hostname', and it will not run the plugin.

Plugins are installed and located using entry_points. If the above class was in a python module called fun_plugin, it would be installed by the following in setup.py:

...
py_modules = [ "fun_plugin"],
entry_points = {
    'ninfo.plugin': [
        'fun = fun_plugin',
    ]
...

Plugin Metadata

  • Strings
    • __doc__ - The python docstring of the class is used as the long_description for the plugin.
    • name - The name of the plugin. Can be anything, but keeping it limited to [a-z_] is recommended.
    • title - The title of the plugin. This is what is actually displayed to the user.
    • description - Short description of the plugin.
  • cache_timeout - timeout in seconds that this plugin should be cached in memcache, and the max-age parameter sent by the web interface.
  • types - A list of one or more of 'mac', 'ip4', 'ip6', 'cidr4', 'cidr6', 'hostname', 'username'.
  • local - if False, this plugin will not be run against local hosts.
  • remote - if False, this plugin will not be run against remote hosts.

Cloned Plugins

Multiple instances of a plugin can be created by adding another section in the configuration file and optionally overriding the plugin metadata:

[plugin:geoip]
path = GeoIP.dat

[plugin:geoipcity]
clone = geoip
path = GeoIPCity.dat
title = City GeoIP
description = City Level GeoIP

See Also