
Find where to report a domain for abuse

Project description

abuse_whois


A Sigma and RDAP/Whois based abuse contacts finder.


This tool is heavily inspired by the following libraries:

How It Works

  • Query a given address via RDAP (falls back to Whois if RDAP fails)
  • Check the query result against Sigma rules to find contacts (falls back to regex if no rule matches)
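
A simplified illustration of the second step, as an added example that is not abuse_whois's own code: Sigma-style selections are checked against a parsed record, and a regex over the raw Whois text is the fallback. The rule layout, field names, contacts and sample values are constructed assumptions.

```python
import re

# Constructed Sigma-style rules; layout and field names are assumptions.
RULES = [
    {"title": "Example Registrar", "contact": "abuse@registrar.example",
     "detection": {"selection": {"registrar|contains": "example registrar"},
                   "condition": "selection"}},
    {"title": "Example Hosting", "contact": "https://hosting.example/abuse",
     "detection": {"selection": {"name_servers|endswith": [".ns.hosting.example"]},
                   "condition": "selection"}},
]

# Constructed sample: a parsed record that no rule covers, plus its raw text.
SAMPLE_RECORD = {"registrar": "Unlisted Registrar", "name_servers": ["ns1.unlisted.example"]}
SAMPLE_RAW = "Registrar: Unlisted Registrar\nRegistrar Abuse Contact Email: abuse@unlisted.example\n"

# Sigma value modifiers supported here; a key without "|" is an exact match.
OPS = {
    "equals": lambda value, pattern: value == pattern,
    "contains": lambda value, pattern: pattern in value,
    "endswith": lambda value, pattern: value.endswith(pattern),
}

# Fallback: an e-mail address on a line labelled "abuse" in the raw response.
ABUSE_EMAIL = re.compile(r"abuse[^\n:]*:\s*([\w.+-]+@[\w-]+(?:\.[\w-]+)+)", re.I)


def _as_list(item):
    return item if isinstance(item, list) else [item]


def selection_matches(selection, record):
    """All keys must match (AND); any value/pattern pair is enough (OR)."""
    for key, patterns in selection.items():
        field, _, op = key.partition("|")
        values = [str(v).lower() for v in _as_list(record.get(field) or [])]
        test = OPS[op or "equals"]
        if not any(test(v, str(p).lower()) for v in values for p in _as_list(patterns)):
            return False
    return True


def find_contact(record, raw_text, rules=RULES):
    """Return (source, contact): first matching rule, else the regex fallback."""
    for rule in rules:  # only the condition "selection" is handled here
        if selection_matches(rule["detection"]["selection"], record):
            return ("rule", rule["contact"])
    match = ABUSE_EMAIL.search(raw_text)
    return ("regex", match.group(1)) if match else (None, None)
```

The returned source ("rule" or "regex") is worth keeping with the contact, since a regex hit on free text deserves a manual check before a report is sent.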

Requirements

  • Python 3.10+

Installation

pip install abuse_whois

# or if you want to use built-in REST API
pip install abuse_whois[api]

Usage

As a library

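import asyncio

from abuse_whois import get_abuse_contacts


async def main():
    # get_abuse_contacts is a coroutine; it accepts an IP address, domain, URL or e-mail address
    for address in ("1.1.1.1", "github.com", "https://github.com", "foo@example.com"):
        print(await get_abuse_contacts(address))


asyncio.run(main())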

As a CLI tool

abuse_whois 1.1.1.1
abuse_whois example.com
abuse_whois foo@example.com
abuse_whois http://example.com

As a REST API

$ uvicorn abuse_whois.api.main:app
INFO:     Started server process [2283]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)

$ http localhost:8000/api/whois/ address=https://github.com

With Docker

git clone https://github.com/ninoseki/abuse_whois
cd abuse_whois
docker build . -t abuse-whois
docker run -i -d -p 8000:8000 abuse-whois

Settings

All settings can be configured via environment variables or a .env file.

| Name | Type | Default | Desc. |
| --- | --- | --- | --- |
| QUERY_TIMEOUT | int | 10 | Timeout value for whois lookup (seconds) |
| QUERY_CACHE_SIZE | int | 1024 | Cache size for whois lookup |
| QUERY_CACHE_TTL | int | 3600 | Cache TTL value for whois lookup (seconds) |
| QUERY_MAX_RETRIES | int | 3 | Max retries on timeout error |
| RULE_EXTENSIONS | CommaSeparatedStrings | yaml,yml | Rule file extensions |
| ADDITIONAL_WHOIS_RULE_DIRECTORIES | CommaSeparatedStrings | | Additional directories containing whois rule files |
| ADDITIONAL_SHARED_HOSTING_RULE_DIRECTORIES | CommaSeparatedStrings | | Additional directories containing shared hosting rule files |

Contributions

abuse_whois works by combining static rules with the parsed result of a whois response.

Please submit a PR (or submit a feature request) if you find something missing.

Download files


Source Distribution

abuse_whois-0.9.2.tar.gz (17.9 kB)


Built Distribution

abuse_whois-0.9.2-py3-none-any.whl (35.2 kB)
