-
-
Save TweekFawkes/ff83fe294f82f6d73c3ad14697e43ad5 to your computer and use it in GitHub Desktop.
Nimbusland - AWS and Azure IP Check - Alpha v0.0.6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| from argparse import ArgumentParser | |
| import requests | |
| import time | |
| import logging | |
| from urlparse import urlparse | |
| from netaddr import IPNetwork, IPAddress | |
| import json | |
| from pprint import pprint | |
| from xml.dom import minidom | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| __author__ = '@TweekFawkes' | |
| __website__ = 'Stage2Sec.com' | |
| __blog__ = 'https://Stage2Sec.com/blog/' | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| ''' | |
| --- Nimbusland - AWS and Azure IP Check - Alpha v0.0.6 --- | |
| Checks if an IP address is known to be assoicated with AWS or Azure | |
| --- Example Usage --- | |
| ... look at the help ... | |
| $ nimbusland-v0_0_6.py -h | |
| ... update / download ip ranges using -u ... | |
| $ python nimbusland-v0_0_6.py -u 8.8.8.8 | |
| $ python nimbusland-v0_0_6.py 8.8.8.8 | |
| ... | |
| [+] Match Not Found: 8.8.8.8 | |
| $ python nimbusland-v0_0_6.py 51.140.0.1 | |
| ... | |
| [+] Match Found! 51.140.0.1, 51.140.0.0/20, uksouth, Azure | |
| $ python nimbusland-v0_0_6.py 34.248.0.1 | |
| ... | |
| [+] Match Found! 34.248.0.1, 34.248.0.0/13, eu-west-1, Aws, EC2 | |
| --- Setup on Ubuntu 14.04 x64 --- | |
| apt-get update | |
| apt-get -y install python | |
| apt-get -y install python-pip | |
| pip install netaddr | |
| apt-get -y install python-requests | |
| pip install -U pip setuptools | |
| pip install pyOpenSSL | |
| pip install 'requests[security]' | |
| $ python | |
| Python 2.7.6 (default, Oct 26 2016, 20:30:19) | |
| ... | |
| >>> exit() | |
| --- References --- | |
| AWS JSON | |
| -- Download: https://ip-ranges.amazonaws.com/ip-ranges.json | |
| -- Reference: https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/ | |
| Azure XML | |
| -- Download: https://download.microsoft.com/download/0/1/8/018E208D-54F8-44CD-AA26-CD7BC9524A8C/PublicIPs_20171127.xml | |
| -- Reference: https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653 | |
| ''' | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| # Automatically Defined Variables | |
| sScriptName = os.path.basename(__file__) | |
| sVersion = 'Alpha v0.0.6' | |
| #sUserAgentString = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)' | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| # Get the Arguments | |
| parser = ArgumentParser(add_help=True) | |
| parser.add_argument('ip', | |
| action="store", | |
| help="[required] ip e.g.: 8.8.8.8") | |
| parser.add_argument("-u", "--update", | |
| action="store_true", dest="fUpdate", default=False, | |
| help="update ip ranges for aws and azure") | |
| args = parser.parse_args() | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| logging.critical(""" | |
| \ | _) | | | | |
| \ | | __ `__ \ __ \ | | __| | _` | __ \ _` | | |
| |\ | | | | | | | | | \__ \ | ( | | | ( | | |
| _| \_| _| _| _| _| _.__/ \__,_| ____/ _| \__,_| _| _| \__,_| | |
| """) | |
| logging.critical("[+] Nimbusland - Alpha v0.0.6") | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| sAwsFilename = 'ip-ranges.json' | |
| sAwsUrl = 'https://ip-ranges.amazonaws.com/ip-ranges.json' | |
| sAzureFilename = 'PublicIPs_20180416.xml' | |
| sAzureUrl = 'https://download.microsoft.com/download/0/1/8/018E208D-54F8-44CD-AA26-CD7BC9524A8C/PublicIPs_20180416.xml' | |
| if args.fUpdate is True: | |
| try: | |
| os.remove(sAwsFilename) | |
| except: | |
| logging.critical("[!] Could not delete aws file: " + str(sAwsFilename)) # sys.exc_info()[0] | |
| try: | |
| os.remove(sAzureFilename) | |
| except: | |
| logging.critical("[!] Could not delete azure file: " + str(sAzureFilename)) # sys.exc_info()[0] | |
| if not os.path.isfile(sAwsFilename): | |
| try: | |
| logging.critical("[+] Downloading AWS IP Range File: " + str(int(args.fUpdate))) | |
| r = requests.get(sAwsUrl, allow_redirects=True, verify=False) | |
| open(sAwsFilename, 'wb').write(r.content) | |
| except: | |
| logging.critical("[!] Could not download aws file: " + str(sAwsFilename)) # sys.exc_info()[0] | |
| if not os.path.isfile(sAzureFilename): | |
| try: | |
| logging.critical("[+] Downloading Azure IP Range File: " + str(int(args.fUpdate))) | |
| r = requests.get(sAzureUrl, allow_redirects=True, verify=False) | |
| open(sAzureFilename, 'wb').write(r.content) | |
| except: | |
| logging.critical("[!] Could not download azure file: " + str(sAzureFilename)) # sys.exc_info()[0] | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| sStartIp = str(args.ip).strip() | |
| logging.critical("[-] sStartIp: " + sStartIp) | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| logging.critical("[-] Checking AWS Network Ranges") | |
| json_data=open(sAwsFilename).read() | |
| data = json.loads(json_data) | |
| fMatch = False | |
| fMatchAmazon = False | |
| sLine = '' | |
| for item in data["prefixes"]: | |
| if IPAddress(sStartIp) in IPNetwork(str(item["ip_prefix"])): | |
| if str(item["service"]) == "AMAZON": | |
| fMatch = True | |
| fMatchAmazon = True | |
| sLine = "[+] Match Found in AWS! " + sStartIp + ", " + str(item["ip_prefix"]) + ", " + str(item["region"]) + ", Aws, " + str(item["service"]) | |
| else: | |
| fMatch = True | |
| sLine = "[+] Match Found in AWS! " + sStartIp + ", " + str(item["ip_prefix"]) + ", " + str(item["region"]) + ", Aws, " + str(item["service"]) | |
| if fMatch is True: | |
| logging.critical( sLine ) | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| logging.critical("[-] Checking Azure Network Ranges") | |
| xmldoc = minidom.parse(sAzureFilename) | |
| itemlist = xmldoc.getElementsByTagName('Region') | |
| for s in itemlist: | |
| sRegionName = str( s.attributes['Name'].value ) | |
| ilist = s.getElementsByTagName('IpRange') | |
| for r in ilist: | |
| sCidr = str(r.attributes['Subnet'].value) | |
| if IPAddress(sStartIp) in IPNetwork(sCidr): | |
| fMatch = True | |
| logging.critical("[+] Match Found in Azure! " + sStartIp + ", " + str(sCidr) + ", " + str(sRegionName) + ", Azure") | |
| # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # | |
| if fMatch is False: | |
| logging.critical("[-] Match Not Found in AWS or Azure: " + sStartIp) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment