Net-Abuse-Utils
view release on metacpan or search on metacpan
lib/Net/Abuse/Utils.pm view on Meta::CPAN
}
return keys %unique_elements;
}
sub _strip_whitespace {
my $string = shift;
return unless $string;
for ($string) {
s/^\s+//;
s/\s+$//;
}
return $string;
}
sub get_ipwi_contacts {
my $ip = shift;
my $ver = Net::IP::ip_get_version($ip);
return unless $ver;
my @addresses;
my %unique_addresses;
# work-around for the new way arin works
# it doesn't like networks very well.
my @bits = split(/\//,$ip);
$ip = $bits[0] if($#bits > 0);
my $response = whoisip_query($ip);
# whoisip_query returns array ref if not found
return unless ref($response) eq 'HASH';
my @fields = exists $response->{'abuse-mailbox'} ? ( 'abuse-mailbox' ) : keys %$response;
foreach my $field (@fields) {
push @addresses, Email::Address::XS->parse($response->{$field});
}
@addresses = grep { defined $_ } map { $_->address } @addresses;
return _return_unique (\@addresses);
}
sub get_all_asn_info {
my $ip = shift;
my $ver = Net::IP::ip_get_version($ip);
return unless $ver;
my $domain
= ( $ver == 4 ) ? '.origin.asn.cymru.com' : '.origin6.asn.cymru.com';
my $lookup = _reverse_ip($ip) . $domain;
my $data = [ _return_rr( $lookup, 'TXT', 2 ) ] or return;
# Separate fields and order by netmask length
# 23028 | 216.90.108.0/24 | US | arin | 1998-09-25
# 701 1239 3549 3561 7132 | 216.90.108.0/24 | US | arin | 1998-09-25
for my $asinfo (@$data) {
$asinfo = { data => [ split m/ ?\| ?/, $asinfo ] };
$asinfo->{length} = ( split m|/|, $asinfo->{data}[1] )[1];
}
$data = [ map { $_->{data} }
reverse sort { $a->{length} <=> $b->{length} } @$data ];
return $data;
}
sub get_asn_info {
my $data = get_all_asn_info(shift);
return unless $data && @$data;
# just the first AS if multiple ASes are listed
if ($data->[0][0] =~ /^(\d+) \d+/) {
$data->[0][0] = $1;
}
# return just the first result, as a list
return @{ $data->[0] };
}
sub get_peer_info {
my $ip = shift;
# IPv4 only until Cymru has an IPv6 peer database
my $ver = Net::IP::ip_get_version($ip);
return unless $ver && $ver == 4;
my $lookup = _reverse_ip($ip) . '.peer.asn.cymru.com';
my @origin_as = _return_rr($lookup, 'TXT', 2) or return;
my $return = [];
foreach my $as (@origin_as){
my @peers = split(/\s\|\s?/,$as);
my %hash = (
prefix => $peers[1],
cc => $peers[2],
rir => $peers[3],
date => $peers[4],
);
my @asns = split(/\s/,$peers[0]);
foreach (@asns){
$hash{'asn'} = $_;
push(@$return,{
prefix => $peers[1],
cc => $peers[2],
rir => $peers[3],
date => $peers[4],
asn => $_,
});
}
}
return(@$return) if wantarray;
return($return);
}
# test with 733a48a9cb49651d72fe824ca91e8d00
# http://www.team-cymru.org/Services/MHR/
sub get_malware {
my $hash = shift;
( run in 0.542 second using v1.01-cache-2.11-cpan-71847e10f99 )