Find where to report a domain for abuse
Project description
abuse_whois
A Sigma and RDAP/Whois based abuse contacts finder.
This tool is heavily inspired by the following libraries:
How It Works
- Query a given address via RDAP (falls back to Whois if RDAP fails)
- Check the query result with Sigma rules and find contacts (falls back to regex if there is no match)
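The lookup order above, shown on constructed data as an added example (not abuse_whois's own code): it collects e-mail addresses from RDAP entities that carry the `abuse` role (RFC 9083 jCard layout) and falls back to a regex over raw Whois text only when RDAP yields nothing. The Sigma rule step is left out, and all function names and sample records are assumptions.

```python
import re

# Constructed sample records (not real registry output).
SAMPLE_RDAP = {
    "objectClassName": "domain",
    "ldhName": "example.test",
    "entities": [{
        "roles": ["registrar"],
        "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar"]]],
        # Abuse contacts are commonly nested under the registrar entity.
        "entities": [{
            "roles": ["abuse"],
            "vcardArray": ["vcard", [
                ["version", {}, "text", "4.0"],
                ["email", {}, "text", "Abuse@Registrar.example"],
            ]],
        }],
    }],
}
SAMPLE_WHOIS = (
    "Registrar: Example Registrar\n"
    "Registrar Abuse Contact Email: abuse@whois.example\n"
    "Tech Email: tech@whois.example\n"
)

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def rdap_abuse_emails(obj):
    """Walk RDAP entities recursively and collect e-mails of 'abuse' role entities."""
    found = []
    for entity in obj.get("entities", []):
        if "abuse" in entity.get("roles", []):
            for prop in entity.get("vcardArray", [None, []])[1]:
                if prop[0] == "email":  # jCard property: [name, params, type, value]
                    found.append(prop[3].lower())
        found.extend(rdap_abuse_emails(entity))
    return found


def whois_abuse_emails(text):
    """Regex fallback: e-mails on Whois lines that mention 'abuse'."""
    return [e.lower() for line in text.splitlines()
            if "abuse" in line.lower() for e in EMAIL.findall(line)]


def find_abuse_contacts(rdap=None, whois_text=""):
    """Prefer RDAP; use the Whois regex only if RDAP gave no contact."""
    emails = rdap_abuse_emails(rdap) if rdap else []
    return sorted(set(emails or whois_abuse_emails(whois_text)))
```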
Requirements
- Python 3.10+
Installation
```bash
pip install abuse_whois
# or, if you want to use the built-in REST API
# (quoted so shells such as zsh do not expand the brackets)
pip install "abuse_whois[api]"
```
Usage
As a library
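```python
import asyncio

from abuse_whois import get_abuse_contacts

async def main():
    # get_abuse_contacts accepts an IP address, a domain, a URL or an e-mail address
    for address in ("1.1.1.1", "github.com", "https://github.com", "foo@example.com"):
        print(await get_abuse_contacts(address))

asyncio.run(main())
```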
As a CLI tool
```bash
abuse_whois 1.1.1.1
abuse_whois example.com
abuse_whois foo@example.com
abuse_whois http://example.com
```
As a REST API
```console
$ uvicorn abuse_whois.api.main:app
INFO: Started server process [2283]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
$ http localhost:8000/api/whois/ address=https://github.com
```
With Docker
```bash
git clone https://github.com/ninoseki/abuse_whois
cd abuse_whois
docker build . -t abuse-whois
docker run -i -d -p 8000:8000 abuse-whois
```
Settings
All settings can be configured via environment variables or a .env file.
Name | Type | Default | Desc. |
---|---|---|---|
QUERY_TIMEOUT | int | 10 | Timeout value for whois lookup (seconds) |
QUERY_CACHE_SIZE | int | 1024 | Cache size for whois lookup |
QUERY_CACHE_TTL | int | 3600 | Cache TTL value for whois lookup (seconds) |
QUERY_MAX_RETRIES | int | 3 | Max retries on timeout error |
RULE_EXTENSIONS | CommaSeparatedStrings | yaml,yml | Rule file extensions |
ADDITIONAL_WHOIS_RULE_DIRECTORIES | CommaSeparatedStrings | | Additional directories containing whois rule files |
ADDITIONAL_SHARED_HOSTING_RULE_DIRECTORIES | CommaSeparatedStrings | | Additional directories containing shared hosting rule files |
Contributions
abuse_whois works based on a combination of static rules and the parsed result of a whois response.
Please submit a PR (or submit a feature request) if you find something missing.
Download files
Source Distribution
abuse_whois-0.9.1.tar.gz (17.9 kB)
Built Distribution
Hashes for abuse_whois-0.9.1-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 0d6395d8b9ed16337ef18bfa83782bdf40731af5756cc12d36de3a7acac0b643 |
MD5 | 8530d0dab4588cf351cc385cab0dc66e |
BLAKE2b-256 | 98cb41b54916a07c5badedb4286e2e7b4880e0e7b644fbed88f6ee59a5c42b00 |