Security Incidents mailing list archives
Announce: abuseEmail - Finds out abuse email addresses for a specified IP address
From: Guillaume Filion <gfk () LOGIDAC COM>
Date: Sat, 17 Feb 2001 15:15:22 -0500
Hi all, Recently there was a discussion in this mailing list about Handling Scans and some people express their interest for an automated tool to find the abuse email address of a specified IP address. I said that I've been wanting to do something like this for a long time, so instead of just saying it, I spent my friday night/saturday morning coding it. The result is a 14 KB perl script that works pretty well. I've tried it with about half a hundred IP addresses and I always got good results. Of course, I'm sure that there are still bugs and lacks of functionnality on many aspects and I'm very open to your comments and suggestions. The script is available here: http://logidac.com/abuseEmail/ If you want to know how to script works, well you can look at the code, but you can also use the -v (verbose) flag. Here's an example: ------ [gfk@cesam gfk]$ abuseEmail.pl 208.56.76.14 postmaster () logidac com,abuse () alabanza com [gfk@cesam gfk]$ abuseEmail.pl -v 208.56.76.14 Checking if 208.56.76.14 is a Private ip address...no Checking if 208.56.76.14 is a reserved ip address...no Checking the hostname associated with 208.56.76.14... logidac.com Checking for this hostname at abuse.net...found postmaster () logidac com Checking DNS zone's Start of Authority on the hostname...not found. on the ip address...found: hostmaster.alabanza.com Checking for this SOA at abuse.net...found abuse () alabanza com Found these abuse addresses: postmaster () logidac com,abuse () alabanza com Confidence: 1 (the more, the better). ------ Best, GFK's -- Guillaume Filion Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
Attachment:
_bin
Description:
Current thread:
- Announce: abuseEmail - Finds out abuse email addresses for a specified IP address Guillaume Filion (Feb 17)