Find where to report a domain for abuse
abuse_whois
A Sigma and RDAP/Whois based abuse contacts finder.
This tool is heavily inspired by the following libraries:
How It Works
- Query a given address via RDAP (falling back to Whois if RDAP fails)
- Check the query result against Sigma rules to find contacts (falling back to regex if no rule matches)
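The RDAP-first lookup with a regex fallback over Whois text can be sketched as follows. This is an added example, not abuse_whois's own code, and it leaves out the Sigma rule step; the function names and both sample records are constructed for illustration.

```python
import re

# Constructed RDAP fragment in the RFC 9083 shape; not real registry data.
SAMPLE_RDAP = {
    "objectClassName": "domain",
    "ldhName": "example.test",
    "entities": [{
        "roles": ["registrar"],
        "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar"]]],
        "entities": [{
            "roles": ["abuse"],
            "vcardArray": ["vcard", [["fn", {}, "text", "Abuse Desk"],
                                     ["email", {}, "text", "abuse@registrar.test"]]],
        }],
    }],
}

# Constructed Whois text, used when RDAP yields nothing.
SAMPLE_WHOIS = """Domain Name: EXAMPLE.TEST
Registrar Abuse Contact Email: Abuse@Registrar.Test
Registrant Email: owner@example.test
"""

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def rdap_abuse_emails(obj):
    """Collect e-mails of entities holding the 'abuse' role, at any nesting depth."""
    found = []
    for entity in obj.get("entities", []):
        if "abuse" in entity.get("roles", []):
            vcard = entity.get("vcardArray", [])
            props = vcard[1] if len(vcard) > 1 else []
            found += [p[3].lower() for p in props if len(p) > 3 and p[0] == "email"]
        found += rdap_abuse_emails(entity)  # abuse entity often sits under the registrar
    return found


def whois_abuse_emails(text):
    """Regex fallback: take addresses only from lines that mention 'abuse'."""
    lines = [line for line in text.splitlines() if "abuse" in line.lower()]
    return [addr.lower() for line in lines for addr in EMAIL.findall(line)]


def find_abuse_contacts(rdap, whois_text):
    """Prefer structured RDAP data; fall back to Whois text when RDAP is empty."""
    emails = rdap_abuse_emails(rdap) if rdap else []
    return sorted(set(emails or whois_abuse_emails(whois_text)))
```

Restricting the fallback to lines that mention "abuse" keeps registrant and admin addresses out of the result, so a report is not sent to the party being reported.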
Requirements
- Python 3.10+
Installation
```bash
pip install abuse_whois
# or if you want to use built-in REST API
pip install abuse_whois[api]
```
Usage
As a library
```python
import asyncio

from abuse_whois import get_abuse_contacts

async def main():
    # Accepts an IP address, a domain, a URL or an e-mail address
    for address in ("1.1.1.1", "github.com", "https://github.com", "foo@example.com"):
        print(await get_abuse_contacts(address))

asyncio.run(main())
```
As a CLI tool
```bash
abuse_whois 1.1.1.1
abuse_whois example.com
abuse_whois foo@example.com
abuse_whois http://example.com
```
As a REST API
```bash
$ uvicorn abuse_whois.api.main:app
INFO: Started server process [2283]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
$ http localhost:8000/api/whois/ address=https://github.com
```
With Docker
```bash
git clone https://github.com/ninoseki/abuse_whois
cd abuse_whois
docker build . -t abuse-whois
docker run -i -d -p 8000:8000 abuse-whois
```
Settings
All settings can be configured via environment variables or a .env file.
| Name | Type | Default | Desc. |
|---|---|---|---|
| QUERY_TIMEOUT | int | 10 | Timeout value for whois lookup (seconds) |
| QUERY_CACHE_SIZE | int | 1024 | Cache size for whois lookup |
| QUERY_CACHE_TTL | int | 3600 | Cache TTL value for whois lookup (seconds) |
| QUERY_MAX_RETRIES | int | 3 | Max retries on timeout error |
| RULE_EXTENSIONS | CommaSeparatedStrings | yaml,yml | Rule file extensions |
| ADDITIONAL_WHOIS_RULE_DIRECTORY | str | | Additional directory containing whois rule files |
| ADDITIONAL_SHARED_HOSTING_RULE_DIRECTORY | str | | Additional directory containing shared hosting rule files |
Contributions
abuse_whois works by combining static rules with the parsed result of a Whois response.
Please submit a PR (or submit a feature request) if you find something missing.
File details
Details for the file abuse_whois-0.10.0.tar.gz.
File metadata
- Download URL: abuse_whois-0.10.0.tar.gz
- Upload date:
- Size: 18.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.12 Linux/6.5.0-1022-azure
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3f750149b2ebfb8236ce3ccd38ece2873f944daba4ed006290ba66ec557ab4fb |
| MD5 | 62c20f87fc7b49ffbbbc33332dd021c1 |
| BLAKE2b-256 | b10bfe37cda10927500b5e4b406af8766cb98736433ff5ab5e61dfdbccdf231c |
File details
Details for the file abuse_whois-0.10.0-py3-none-any.whl.
File metadata
- Download URL: abuse_whois-0.10.0-py3-none-any.whl
- Upload date:
- Size: 34.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.12 Linux/6.5.0-1022-azure
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f49e81cf7f2cfd0262649cf86bebaa959cbb2ab29ecedafe0190871a0411ad25 |
| MD5 | fbe023913f8a293911cbc62a15115884 |
| BLAKE2b-256 | d1641a8f75e3fdb6a37029d09b1f456298fc33bb6a0d4b6b73e84a4f8fb47bea |