DataSploit now allow users to perform WhoIs on IP Addresses using the new module ip_whois.py.
(For performing whois on domain names, we already have the module domain_whois.py)
This module returns bunch of useful information related to an IP Address, i.e.
1. Email Addresses
2. Addresses
3. Phone Numbers
4. Country
5. ASN Id - (Can be used to further find allocated IP Addresses ranges and hence can be used to scope an organisation quickly).
6. CIDR Ranges
7. IP Handles
For using this, you would need to install the python library 'IPWhois'. Following command can be used for the same:
sudo pip install --upgrade ipwhois
If you are a new user, we suggest using the requirements.txt file to install all the dependencies using the following command:
sudo pip install -r requirements.txt
No API keys are required for this module, so once you are done with installing dependencies, you can shoot the whois query. The module expects user to pass an IP Address in following way:
python ip_whois.py 103.3.63.174
Output of the module looks something like this:
Since the output contains contact information which could be used for social engineering. These information can also be passed to other DataSploit modules like email_Osint, etc. and can be used for more details OSINT. (Obviously might create noise and need to be handled).
Similarly, ASN Ids can be used with whois to find all the IP Address ranges assigned to this particular ASN (as shown in figure below) and thus can be used by pentester(s), or companies to scope attack surface for other organisations.
To Do:
As of now scans are available for single IP. We are going to allow users to pass a list of IP Addresses using a file.
Use this ASN Id and co-relate the same with IP ranges in an automated manner so no manual work is needed in that context.
Integrate with email_Osint and other such DataSploit modules for more automation and reduce manual effort.
If you would like to get some feature, please drop the same in comments section.
Cheers.