Improved parsing of Whois Records for ARIN, RIPE and APNIC. Added mis…

…sing file save messages.
darkoperator · May 19, 2013 · b6c26f1 · b6c26f1
1 parent d5ccbb0
commit b6c26f1
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 5 deletions.
diff --git a/dnsrecon.py b/dnsrecon.py
@@ -578,10 +578,22 @@ def get_whois_nets_iplist(ip_list):
             # If we get a Whois server Process get the whois and process.
             if whois_server:
                 whois_data = whois(ip, whois_server)
-                net = get_whois_nets(whois_data)
-                if net:
-                    org = get_whois_orgname(whois_data)
-                    found_nets.append({'start': net[0][0], 'end': net[0][1], 'orgname': "".join(org)})
+                arin_style = re.search('NetRange', whois_data)
+                ripe_apic_style = re.search('netname', whois_data)
+                if (arin_style or ripe_apic_style):
+                    net = get_whois_nets(whois_data)
+                    if net:
+                        for network in net:
+                            org = get_whois_orgname(whois_data)
+                            found_nets.append({'start': network[0], 'end': network[1], 'orgname': "".join(org)})
+                else:
+                    for line in whois_data.splitlines():
+                        recordentrie = re.match('^(.*)\s\S*-\w*\s\S*\s(\S*\s-\s\S*)', line)
+                        if recordentrie:
+                            org = recordentrie.group(1)
+                            net = get_whois_nets(recordentrie.group(2))
+                            for network in net:
+                                found_nets.append({'start': network[0], 'end': network[1], 'orgname': "".join(org)})
     #Remove Duplicates
     return [seen.setdefault(idfun(e), e) for e in found_nets if idfun(e) not in seen]
 

diff --git a/lib/whois.py b/lib/whois.py
@@ -54,7 +54,10 @@ def whois(target, whois_srv):
     try:
         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         s.connect((whois_srv, WHOIS_PORT_NUMBER))
-        s.send(("n " + target + "\r\n").encode("utf-8"))
+        if whois_srv == "whois.arin.net":
+            s.send(("n " + target + "\r\n").encode("utf-8"))
+        else:
+            s.send((target + "\r\n").encode("utf-8"))
         response = ''
         while True:
             d = s.recv(WHOIS_RECEIVE_BUFFER_SIZE)
@@ -84,6 +87,10 @@ def get_whois_nets(data):
 def get_whois_orgname(data):
     org_pattern = "OrgName\:\s*(.*)\n"
     result = re.findall(org_pattern, data)
+    # Lets try RIPENET Format
+    if not result :
+        org_pattern = "netname\:\s*(.*)\n"
+        result = re.findall(org_pattern, data)
     if not result:
         result.append("Not Found")
     return result