Find where to report a domain for abuse

Project description

abuse_whois

A Sigma and RDAP/Whois based abuse contacts finder.

This tool is heavily inspired by the following libraries:

How It Works

  • Query a given address via RDAP (falls back to Whois if RDAP fails)
  • Check the query result against Sigma rules to find contacts (falls back to regex if no rule matches)
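
The lookup-and-fallback idea above, as an added example that is not abuse_whois's own code: it reads abuse e-mail addresses from a constructed RDAP response and falls back to a regex over constructed Whois text. The function names and sample data are hypothetical, and the Sigma rule matching step is left out.

```python
import re

# Constructed RDAP domain response (RFC 9083 layout); every value is made up.
SAMPLE_RDAP = {
    "objectClassName": "domain",
    "ldhName": "example.test",
    "entities": [{
        "roles": ["registrar"],
        "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar LLC"]]],
        "entities": [{  # the abuse contact is nested under the registrar
            "roles": ["abuse"],
            "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                     ["email", {}, "text", "Abuse@registrar.example"]]],
        }],
    }],
}
# Constructed Whois text for the fallback path.
SAMPLE_WHOIS = (
    "Registrar: Example Registrar LLC\n"
    "Registrar Abuse Contact Email: abuse@registrar.example\n"
    "Tech Email: noc@registrar.example\n"
)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def rdap_abuse_emails(obj):
    """E-mail addresses of entities with the "abuse" role, at any nesting depth."""
    found = []
    for entity in obj.get("entities", []):
        if "abuse" in entity.get("roles", []):
            vcard = entity.get("vcardArray") or ["vcard", []]
            props = vcard[1] if len(vcard) > 1 else []
            found += [p[3].lower() for p in props
                      if len(p) > 3 and p[0] == "email" and isinstance(p[3], str)]
        found += rdap_abuse_emails(entity)  # descend into nested entities
    return list(dict.fromkeys(found))  # de-duplicate, keep first-seen order

def whois_abuse_emails(text):
    """Regex fallback: e-mail addresses on lines that mention "abuse"."""
    found = []
    for line in text.splitlines():
        if "abuse" in line.lower():
            found += [m.lower() for m in EMAIL_RE.findall(line)]
    return list(dict.fromkeys(found))

def find_abuse_emails(rdap=None, whois_text=""):
    """Prefer structured RDAP data; fall back to scanning raw Whois text."""
    return (rdap_abuse_emails(rdap) if rdap else []) or whois_abuse_emails(whois_text)
```
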

Requirements

  • Python 3.10+

Installation

pip install abuse_whois

# or, if you want to use the built-in REST API
# (quoted so that shells such as zsh do not expand the brackets)
pip install "abuse_whois[api]"

Usage

As a library

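import asyncio

from abuse_whois import get_abuse_contacts


async def main():
    # get_abuse_contacts is a coroutine; it accepts an IP address, domain, URL or e-mail address
    print(await get_abuse_contacts("1.1.1.1"))
    print(await get_abuse_contacts("github.com"))
    print(await get_abuse_contacts("https://github.com"))
    print(await get_abuse_contacts("foo@example.com"))


asyncio.run(main())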

As a CLI tool

abuse_whois 1.1.1.1
abuse_whois example.com
abuse_whois foo@example.com
abuse_whois http://example.com

As a REST API

$ uvicorn abuse_whois.api.main:app
INFO:     Started server process [2283]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)

$ http localhost:8000/api/whois/ address=https://github.com

With Docker

git clone https://github.com/ninoseki/abuse_whois
cd abuse_whois
docker build . -t abuse-whois
docker run -i -d -p 8000:8000 abuse-whois

Settings

All settings can be configured via environment variables or a .env file.

| Name | Type | Default | Desc. |
|---|---|---|---|
| QUERY_TIMEOUT | int | 10 | Timeout value for whois lookup (seconds) |
| QUERY_CACHE_SIZE | int | 1024 | Cache size for whois lookup |
| QUERY_CACHE_TTL | int | 3600 | Cache TTL value for whois lookup (seconds) |
| QUERY_MAX_RETRIES | int | 3 | Max retries on timeout error |
| ADDITIONAL_WHOIS_RULE_DIRECTORY | str | | Additional directory containing whois rule files |
| ADDITIONAL_SHARED_HOSTING_RULE_DIRECTORY | str | | Additional directory containing shared hosting rule files |

Contributions

abuse_whois works by combining static rules with the parsed result of a whois response.

Please submit a PR (or submit a feature request) if you find something missing.

Download files

Source Distribution

abuse_whois-0.10.2.tar.gz (225.5 kB view details)

Uploaded Source

Built Distribution

abuse_whois-0.10.2-py3-none-any.whl (34.6 kB view details)

Uploaded Python 3

File details

Details for the file abuse_whois-0.10.2.tar.gz.

File metadata

  • Download URL: abuse_whois-0.10.2.tar.gz
  • Upload date:
  • Size: 225.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for abuse_whois-0.10.2.tar.gz
Algorithm Hash digest
SHA256 458e8ee8f660b41793cbb0a2387458e3cd22f04d5b348d37757d30de071499ca
MD5 9466fca35efc9930492b709586404da4
BLAKE2b-256 7d35a59b9feddd3e4e5cccac18f90ee1a0c50008fed8b0fde97830ee8b58e3cd

Provenance

The following attestation bundles were made for abuse_whois-0.10.2.tar.gz:

Publisher: publish.yml on ninoseki/abuse_whois

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file abuse_whois-0.10.2-py3-none-any.whl.

File metadata

  • Download URL: abuse_whois-0.10.2-py3-none-any.whl
  • Upload date:
  • Size: 34.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for abuse_whois-0.10.2-py3-none-any.whl
Algorithm Hash digest
SHA256 68a206dad95dde9bc8d345808641c8e71e9ee49e97607178e408c2ce13e7a72c
MD5 68bead2ff7dd69e2e615a1b28864629f
BLAKE2b-256 f5ad6bba308700371a72a317ff8e9878b54e9b67374051af748765409849d7c3

Provenance

The following attestation bundles were made for abuse_whois-0.10.2-py3-none-any.whl:

Publisher: publish.yml on ninoseki/abuse_whois
