MustacheOne will quickly let you gather some basic information on IPs or URLs by consolidating the information from different websites.
MustasheOne makes use of the following sites:
- Single IP usage: MustacheOne.py 208.78.70.16
- Single URL usage: MustacheOne.py github.com
- Combination usage: MustacheOne.py github.com 208.78.70.16 google.com
- Launch WebGUI(Open 127.0.0.1:8080) MustacheOne.py webgui
You will need to create a file named "config.ini"
Example config.ini
[virustotal]
apikey = yourAPIkey
___ ___ _ _ _____ | \/ | | | | | | _ | | . . |_ _ ___| |_ __ _ ___| |__ ___ | | | |_ __ ___ | |\/| | | | / __| __/ _` |/ __| '_ \ / _ \| | | | '_ \ / _ \ | | | | |_| \__ \ || (_| | (__| | | | __/\ \_/ / | | | __/ \_| |_/\__,_|___/\__\__,_|\___|_| |_|\___| \___/|_| |_|\___| https://github.com/cyberphilia/MustacheOne ========================================================== Report for github.com 2012-10-19 10:17:45.670000 ========================================================== ************************ VirusTotal https://www.virustotal.com ************************ CLEAN MX: clean site MalwarePatrol: clean site ZDB Zeus: clean site K7AntiVirus: clean site Yandex Safebrowsing: clean site MalwareDomainList: clean site ZeusTracker: clean site zvelo: clean site Google Safebrowsing: clean site BitDefender: clean site Wepawet: clean site G-Data: clean site C-SIRT: clean site Sucuri SiteCheck: clean site VX Vault: clean site SCUMWARE.org: clean site Opera: clean site AlienVault: clean site Sophos: unrated site Malc0de Database: clean site SpyEyeTracker: clean site Phishtank: clean site Avira: clean site Antiy-AVL: clean site Comodo Site Inspector: clean site SecureBrain: unrated site ParetoLogic: malware site URLQuery: unrated site Minotaur: clean site ************************ intoDNS http://www.intodns.com/ ************************ **********Parent********** ***Domain NS records Nameserver records returned by the parent servers are: ns1.p16.dynect.net. ['208.78.70.16'] [TTL=172800] ns3.p16.dynect.net. ['208.78.71.16'] [TTL=172800] ns2.p16.dynect.net. ['204.13.250.16'] [TTL=172800] ns4.p16.dynect.net. ['204.13.251.16'] [TTL=172800] a.gtld-servers.net was kind enough to give us that information. ***TLD Parent Check Good.a.gtld-servers.net, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check. ***Your nameservers are listed Good. The parent server a.gtld-servers.net has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers. ***DNS Parent sent Glue Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver.(see RFC 1912 section 2.3) ***Nameservers A records Good. Every nameserver listed has A records. This is a must if you want to be found. **********NS********** ***NS records from your nameservers NS records got from your nameservers listed at the parent NS are: ns3.p16.dynect.net['208.78.71.16'] [TTL=86400] ns4.p16.dynect.net['204.13.251.16'] [TTL=86400] ns2.p16.dynect.net['204.13.250.16'] [TTL=86400] ns1.p16.dynect.net['208.78.70.16'] [TTL=86400] ***Recursive Queries Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone. ***Same Glue The A records (the GLUE) got from the parent zone check are the same as the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do according to the RFC. This tests only nameservers that are common at the parent and at your nameservers. If there are any missing or stealth nameservers you should see them below! ***Glue for NS records INFO: GLUE was not sent when I asked your nameservers for your NS records.This is ok but you should know that in this case an extra A record lookup is required in order to get the IPs of your NS records. The nameservers without glue are: 204.13.251.16 208.78.70.16 208.78.71.16 204.13.250.16 You can fix this for example by adding A records to your nameservers for the zones listed above. ***Mismatched NS records OK. The NS records at all your nameservers are identical. ***DNS servers responded Good. All nameservers listed at the parent server responded. ***Name of nameservers are valid OK. All of the NS records that your nameservers report seem valid. ***Multiple Nameservers Good. You have multiple nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me. ***Nameservers are lame OK. All the nameservers listed at the parent servers answer authoritatively for your domain. ***Missing nameservers reported by parent OK. All NS records are the same at the parent and at your nameservers. ***Missing nameservers reported by your nameservers OK. All nameservers returned by the parent server a.gtld-servers.net are the same as the ones reported by your nameservers. ***Domain CNAMEs OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. ***NSs CNAME check OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. ***Different subnets OK. Looks like you have nameservers on different subnets! ***IPs of nameservers are public Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like ***DNS servers allow TCP connection OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default. ***Different autonomous systems OK. It seems you are safe from a single point of failure. You must be careful about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down. ***Stealth NS records sent Ok. No stealth ns records are sent **********SOA********** ***SOA record The SOA record is: Primary nameserver: ns1.p16.dynect.net Hostmaster E-mail address: hostmaster.github.com Serial #: 1350605005 Refresh: 3600 Retry: 600 Expire: 6048001 weeks Default TTL: 60 ***NSs have same SOA serial OK. All your nameservers agree that your SOA serial number is 1350605005. ***SOA MNAME entry OK. ns1.p16.dynect.net That server is listed at the parent servers. ***SOA Serial Your SOA serial number is: 1350605005. This can be ok if you know what you are doing. ***SOA REFRESH OK. Your SOA REFRESH interval is: 3600.That is OK ***SOA RETRY Your SOA RETRY value is: 600. Looks ok ***SOA EXPIRE Your SOA EXPIRE number is: 604800.Looks ok ***SOA MINIMUM TTL Your SOA MINIMUM TTL is: 60. This value was used to serve as a default TTL for records without a given TTL value and now is used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours. Your value of 60 is OK. **********MX********** ***MX Records Your MX records that were reported by your nameservers are: 10aspmx3.googlemail.com 74.125.141.27 (no glue) 10alt1.aspmx.l.google.com 74.125.143.27 (no glue) 10alt2.aspmx.l.google.com 74.125.141.26 (no glue) 10aspmx.l.google.com 173.194.70.26 (no glue) 10aspmx2.googlemail.com 74.125.143.27 (no glue) [These are all the MX records that I found. If there are some non common MX records at your nameservers you should see them below. ] ***Different MX records at nameservers Good. Looks like all your nameservers have the same set of MX records. This tests to see if there are any MX records not reported by all your nameservers and also MX records that have the same hostname but different IPs ***MX name validity Good. I did not detect any invalid hostnames for your MX records. ***MX IPs are public OK. All of your MX records appear to use public IPs. ***MX CNAME Check OK. No problems here. ***MX A request returns CNAME OK. No CNAMEs returned for A records lookups. ***MX is not IP OK. All of your MX records are host names. ***Number of MX records Good. Looks like you have multiple MX records at all your nameservers. This is a good thing and will help in preventing loss of mail. ***Mismatched MX A OK. I did not detect differing IPs for your MX records. ***Duplicate MX A records OK. You have some duplicate MX records (MX records with the same IPs). This is not that good but if you know what you are doing than it's ok. ***Reverse MX A records (PTR) Your reverse (PTR) record: 27.143.125.74.in-addr.arpa-> la-in-f27.1e100.net 26.141.125.74.in-addr.arpa-> da-in-f26.1e100.net 27.141.125.74.in-addr.arpa-> da-in-f27.1e100.net 26.70.194.173.in-addr.arpa-> fa-in-f26.1e100.net You have reverse (PTR) records for all your IPs, that is a good thing. **********WWW********** ***WWW A Record Your www.github.com A record is: www.github.com [207.97.227.243] ***IPs are public OK. All of your WWW IPs appear to be public IPs. ***WWW CNAME OK. No CNAME ************************ NetCraft http://news.netcraft.com/ ************************ Site:http://github.com Last reboot: 140 days agoUptime graph Domain:github.com Netblock owner: github IP address:207.97.227.239 Site rank: 10288 Country:US Nameserver: ns1.p16.dynect.net Date first seen:August 2011 DNS admin: hostmaster@github.com Domain Registrar:godaddy.com Reverse DNS: github.com Organisation:GitHub, Inc. Nameserver Organisation: Dynamic Network Services, Inc., 150 Dow St, Manchester, 03101, United States Hosting History Netblock Owner IP address OS Web Server Last changed github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx 15-Oct-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx 8-Oct-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx 8-Oct-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx 15-Sep-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx 8-Sep-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx/1.0.13 15-Aug-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx/1.0.13 14-Jul-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx/1.0.13 14-Jun-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx/1.0.13 13-May-2012 github 3783 20th St. Apt. 3 San Francisco CA US 94110 207.97.227.239 Linux nginx/1.0.13 13-Apr-2012 ************************ Network Solutions http://www.networksolutions.com ************************ Current Registrar: GODADDY.COM, LLC Record Type: Domain Name Server Type: Other 0 Lock Status: clientDeleteProhibited WebSite Status: Active The data contained in GoDaddy.com, LLC's WhoIs database, while believed by the company to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of GoDaddy.com, LLC. By submitting an inquiry, you agree to these terms of usage and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise make possible, dissemination or collection of this data, in part or in its entirety, for any purpose, such as the transmission of unsolicited advertising and and solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Please note: the registrant of the domain name is specified in the "registrant" field. In most cases, GoDaddy.com, LLC is not the registrant of domain names listed in this database. Registered through: GoDaddy.com, LLC (http://www.godaddy.com) Domain Name: GITHUB.COM Created on: 09-Oct-07 Expires on: 09-Oct-18 Last Updated on: 22-Aug-11 Registrant: GitHub, Inc. 548 4th St San Francisco, California 94107 United States Administrative Contact: Werner, Thomas tom@github.com GitHub, Inc. 589 Howard St. Floor 4 San Francisco, California 94105 United States +1.7606720832 Technical Contact: Werner, Thomas tom@github.com GitHub, Inc. 589 Howard St. Floor 4 San Francisco, California 94105 United States +1.7606720832 Domain servers in listed order: NS1.P16.DYNECT.NET NS2.P16.DYNECT.NET NS3.P16.DYNECT.NET NS4.P16.DYNECT.NET The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness. ************************ Google http://www.google.com ************************ Google queries to help with recon * Subdomains excluding www: site:github.com -www.github.com * Office files from github.com: filetype:xlsx OR filetype:pptx OR filetype:docx site:github.com * PDF files from github.com: filetype:pdf site:github.com * Links to github.com: link:github.com * Email Addresses: "@github.com" -www.github.com
___ ___ _ _ _____ | \/ | | | | | | _ | | . . |_ _ ___| |_ __ _ ___| |__ ___ | | | |_ __ ___ | |\/| | | | / __| __/ _` |/ __| '_ \ / _ \| | | | '_ \ / _ \ | | | | |_| \__ \ || (_| | (__| | | | __/\ \_/ / | | | __/ \_| |_/\__,_|___/\__\__,_|\___|_| |_|\___| \___/|_| |_|\___| https://github.com/cyberphilia/MustacheOne ========================================================== Report for 208.78.70.16 2012-10-19 10:18:26.479000 ========================================================== ************************ VirusTotal https://www.virustotal.com ************************ CLEAN MX: clean site MalwarePatrol: clean site ZDB Zeus: clean site K7AntiVirus: clean site Yandex Safebrowsing: clean site MalwareDomainList: clean site ZeusTracker: clean site zvelo: clean site Google Safebrowsing: clean site Opera: clean site G-Data: clean site C-SIRT: clean site Sucuri SiteCheck: clean site VX Vault: clean site SCUMWARE.org: clean site Dr.Web: clean site AlienVault: clean site Sophos: unrated site Malc0de Database: clean site SpyEyeTracker: clean site Phishtank: clean site Avira: clean site Antiy-AVL: clean site Comodo Site Inspector: clean site SecureBrain: unrated site Netcraft: clean site ParetoLogic: clean site URLQuery: unrated site Wepawet: unrated site Minotaur: clean site ************************ IP Void https://www.ipvoid.com ************************ Report: Rescan |11-10-2012, 02:48:13 GMT (1 week ago)|All Reports IP Address: 208.78.70.16 (Network Tools) (View Websites Hosted Here) ISP: Dynamic Network Services Organization: Dynamic Network Services IP Hostname: ns1.p16.dynect.net IP Country: United States (US) Detections 0/36 (0.00%) Status CLEAN MyWOT: CLEAN SpamRATS: CLEAN DNSBL_AbuseCH: CLEAN EFnet_RBL: CLEAN TornevallNET: CLEAN SpamCop: CLEAN PSBL: CLEAN WPBL: CLEAN MalwareDomainList: CLEAN malc0de: CLEAN ZeuS Tracker: CLEAN SpyEye Tracker: CLEAN PhishTank: CLEAN Autoshun: CLEAN DShield: CLEAN SnortAttack: CLEAN OpenBL_org: CLEAN MSRBL: CLEAN Bogons_Team_Cymru: CLEAN SCUMWARE: CLEAN URIBL: CLEAN MalwareBlacklist: CLEAN GoogleSafeBrowsing: CLEAN Spamhaus: CLEAN SURBL: CLEAN URLVir: CLEAN ThreatLog: CLEAN VScan: CLEAN ProjectHoneypot: CLEAN BlockList_de: CLEAN AHBL: CLEAN Backscatterer: CLEAN VirBL: CLEAN CBL_AbuseAt: CLEAN SORBS: CLEAN EmergingThreats: CLEAN ************************ Project Honey Pot http://www.projecthoneypot.org ************************ We don't have data on this IP currently. If you know something, you may leave a comment. ************************ Network Solutions http://www.networksolutions.com ************************ # # Query terms are ambiguous. The query is assumed to be: # "n 208.78.70.16" # # Use "?" to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=208.78.70.16?showDetails=true&showARIN;=false&ext;=netref2 # NetRange: 208.78.68.0 - 208.78.71.255 CIDR: 208.78.68.0/22 OriginAS: AS33517 NetName: DNSINC-2 NetHandle: NET-208-78-68-0-1 Parent: NET-208-0-0-0-0 NetType: Direct Allocation RegDate: 2007-05-16 Updated: 2012-03-02 Ref: http://whois.arin.net/rest/net/NET-208-78-68-0-1 OrgName: Dynamic Network Services, Inc. OrgId: DNS-33 Address: 150 Dow St. City: Manchester StateProv: NH PostalCode: 03101 Country: US RegDate: 2004-01-06 Updated: 2011-06-21 Ref: http://whois.arin.net/rest/org/DNS-33 OrgAbuseHandle: ABUSE514-ARIN OrgAbuseName: Abuse Department OrgAbusePhone: +1-603-668-4998 OrgAbuseEmail: abuse@dyndns.com OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE514-ARIN OrgNOCHandle: NOC1473-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-603-668-4998 OrgNOCEmail: noc@dyndns.com OrgNOCRef: http://whois.arin.net/rest/poc/NOC1473-ARIN OrgTechHandle: IAA29-ARIN OrgTechName: IP Address Administator OrgTechPhone: +1-603-296-1598 OrgTechEmail: ip-admin@dyn.com OrgTechRef: http://whois.arin.net/rest/poc/IAA29-ARIN RAbuseHandle: ABUSE514-ARIN RAbuseName: Abuse Department RAbusePhone: +1-603-668-4998 RAbuseEmail: abuse@dyndns.com RAbuseRef: http://whois.arin.net/rest/poc/ABUSE514-ARIN RNOCHandle: NOC1473-ARIN RNOCName: Network Operations Center RNOCPhone: +1-603-668-4998 RNOCEmail: noc@dyndns.com RNOCRef: http://whois.arin.net/rest/poc/NOC1473-ARIN RTechHandle: TJD14-ARIN RTechName: Daly, Thomas J RTechPhone: +1-603-668-4998 RTechEmail: tom@dyn.com RTechRef: http://whois.arin.net/rest/poc/TJD14-ARIN #