Skip to content

A tool for checking if IPv4/IPv6 addresses and CIDRs belong to specific netblocks (ASes). This is particularly useful when checking if your netblocks/ASes occur in dumps/leaks (e.g. for Threat Intel purposes).

License

Notifications You must be signed in to change notification settings

KPN-CISO/netchecker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Description

(c) Arnim Eijkhoudt <arnime squiggly kpn-cert.nl>, 2017-2019, KPN-CERT, GPLv2 license

Netchecker lets you run an offline-check of list of IPv4- and IPv6-addresses and CIDRs against all known AS numbers/names. This tool is particularly useful for checking leaked/dumped IPs/CIDRs against your ASNs to see if there are any matches, without having to use online-only internet resources (this mitigates OPSEC leaks: you do not have to announce your interest in the checked addresses/ranges).

Netchecker automatically parses the entirety of any text file (unstructured or not) for anything resembling an IPv4 address, IPv6 address or a CIDR-netblock, and will determine if any of those belong to one of the AS numbers/names you specified as keyword searches. The output will show:

  1. which IPs/CIDRs were found in which ASNs
  2. to which exact subnet the IPs/CIDRs belong (useful for helping to determine the ownership for delegated prefixes)
  3. how many IPs/CIDRs were found in the source file
  4. how many of the IPs/CIDRs found in the source file were discovered in the searched ASNs
  5. how many of the IPs/CIDRs found in the source file were NOT discovered in the searched ASNs
  6. which of the found IPs/CIDRs from the source file were NOT discovered in the searched ASNs

Requirements

  1. Python 3.x (sorry, Python 2.x is no longer supported due to the need for the ipaddress module/features)
  2. [required] MaxMind's GeoLite ASN databases: https://geolite.maxmind.com/download/geoip/database/ (auto-download possible)

Installation

  1. git clone https://github.com/KPN-CISO/netchecker/

Usage

  1. For your first run, create the GeoCache db first by running netchecker with the -u option.

  2. Run netchecker over any text-based file containing IPv4 and/or IPv6 addresses/CIDRs, and specify the ASNs to look for or use the '-a' option to list all IP <-> ASN relationships:

    ./netchecker.py -f <ip-file> <ASname> <ASname> <ASnumber...> ... etc.

Usage notes:

  • netchecker will automatically carve out anything that looks like an IPv4/IPv6/CIDR address; you do NOT need to have them neatly listed!
  • certain flags can be combined, e.g. to -u(pdate) and -f(ind) at the same time

Caveats, miscellaneous, TODO, etc.

About

A tool for checking if IPv4/IPv6 addresses and CIDRs belong to specific netblocks (ASes). This is particularly useful when checking if your netblocks/ASes occur in dumps/leaks (e.g. for Threat Intel purposes).

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages