Find where to report a domain for abuse
Project description
abuse_whois
A Sigma and RDAP/Whois based abuse contacts finder.
This tool is heavily inspired by the following libraries:
How It Works
- Query a given address via RDAP (fallback to Whois if RDAP fails)
- Check a query result with Sigma rules and find contacts (fallback to regex if there is no match)
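
The two-stage lookup described above, sketched as an added example (not abuse_whois's own code): a minimal Sigma-style matcher runs over a parsed record, and a regex over the raw response text is the fallback. The rules, the field names (`registrar`, `name_servers`, `raw_text`) and the sample records are constructed for illustration.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Hypothetical Sigma-style rules; titles, fields and contacts are constructed.
RULES = [
    {"title": "Example Registrar",
     "detection": {"selection": {"registrar|contains": "Example Registrar"}},
     "contact": "abuse@registrar.example"},
    {"title": "Example Hosting nameservers",
     "detection": {"selection": {"name_servers|endswith": ".ns.hosting.example"}},
     "contact": "https://hosting.example/report-abuse"},
]

# Subset of Sigma value modifiers; both sides are lower-cased before comparing.
MODIFIERS = {
    "": lambda value, expected: value == expected,
    "contains": lambda value, expected: expected in value,
    "endswith": lambda value, expected: value.endswith(expected),
}

def selection_matches(record, selection):
    """Every entry of a selection map must match (Sigma ANDs map entries)."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = record.get(field) or []
        if isinstance(values, str):
            values = [values]
        test = MODIFIERS[modifier]
        if not any(test(str(v).lower(), expected.lower()) for v in values):
            return False
    return True

def find_contact(record):
    """Rule match first; otherwise fall back to e-mails found in the raw text."""
    for rule in RULES:
        if selection_matches(record, rule["detection"]["selection"]):
            return {"source": rule["title"], "contacts": [rule["contact"]]}
    emails = sorted(set(EMAIL_RE.findall(record.get("raw_text", ""))))
    abuse = [e for e in emails if "abuse" in e.lower()]
    return {"source": "regex", "contacts": abuse or emails}

# Constructed records standing in for a parsed RDAP/Whois result.
KNOWN = {"registrar": "Example Registrar, LLC", "name_servers": [], "raw_text": ""}
UNKNOWN = {"registrar": "Unlisted Registrar", "name_servers": ["ns1.unlisted.example"],
           "raw_text": "Registrar Abuse Contact Email: abuse@unlisted.example\n"
                       "Tech Email: hostmaster@unlisted.example\n"}
```

`find_contact(KNOWN)` resolves through the first rule, while `find_contact(UNKNOWN)` matches no rule and returns the abuse address recovered by the regex.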
Requirements
- Python 3.10+
Installation
```bash
pip install abuse_whois
# or if you want to use built-in REST API
pip install abuse_whois[api]
```
Usage
As a library
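```python
import asyncio
from abuse_whois import get_abuse_contacts

async def main():
    # An IP address, a domain, a URL and an e-mail address are all accepted
    await get_abuse_contacts("1.1.1.1")
    await get_abuse_contacts("github.com")
    await get_abuse_contacts("https://github.com")
    await get_abuse_contacts("foo@example.com")

asyncio.run(main())
```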
As a CLI tool
```bash
abuse_whois 1.1.1.1
abuse_whois example.com
abuse_whois foo@example.com
abuse_whois http://example.com
```
As a REST API
```bash
$ uvicorn abuse_whois.api.main:app
INFO: Started server process [2283]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
$ http localhost:8000/api/whois/ address=https://github.com
```
With Docker
```bash
git clone https://github.com/ninoseki/abuse_whois
cd abuse_whois
docker build . -t abuse-whois
docker run -i -d -p 8000:8000 abuse-whois
```
Settings
All settings can be set via environment variables or a `.env` file.
Name | Type | Default | Description |
---|---|---|---|
QUERY_TIMEOUT | int | 10 | Timeout value for whois lookup (seconds) |
QUERY_CACHE_SIZE | int | 1024 | Cache size for whois lookup |
QUERY_CACHE_TTL | int | 3600 | Cache TTL value for whois lookup (seconds) |
QUERY_MAX_RETRIES | int | 3 | Max retries on timeout error |
RULE_EXTENSIONS | CommaSeparatedStrings | yaml,yml | Rule file extensions |
ADDITIONAL_WHOIS_RULE_DIRECTORY | str | | Additional directory containing whois rule files |
ADDITIONAL_SHARED_HOSTING_RULE_DIRECTORY | str | | Additional directory containing shared hosting rule files |
Contributions
abuse_whois works based on a combination of static rules and a parsing result of whois response.
Please submit a PR (or submit a feature request) if you find something missing.
Download files
Source Distribution
abuse_whois-0.10.0.tar.gz (18.3 kB)
Built Distribution
File details
Details for the file abuse_whois-0.10.0.tar.gz.
File metadata
- Download URL: abuse_whois-0.10.0.tar.gz
- Upload date:
- Size: 18.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.12 Linux/6.5.0-1022-azure
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 3f750149b2ebfb8236ce3ccd38ece2873f944daba4ed006290ba66ec557ab4fb |
MD5 | 62c20f87fc7b49ffbbbc33332dd021c1 |
BLAKE2b-256 | b10bfe37cda10927500b5e4b406af8766cb98736433ff5ab5e61dfdbccdf231c |
File details
Details for the file abuse_whois-0.10.0-py3-none-any.whl.
File metadata
- Download URL: abuse_whois-0.10.0-py3-none-any.whl
- Upload date:
- Size: 34.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.12 Linux/6.5.0-1022-azure
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | f49e81cf7f2cfd0262649cf86bebaa959cbb2ab29ecedafe0190871a0411ad25 |
MD5 | fbe023913f8a293911cbc62a15115884 |
BLAKE2b-256 | d1641a8f75e3fdb6a37029d09b1f456298fc33bb6a0d4b6b73e84a4f8fb47bea |