Instantly share code, notes, and snippets.

Embed
What would you like to do?
Nimbusland - AWS and Azure IP Check - Alpha v0.0.6
import os
from argparse import ArgumentParser
import requests
import time
import logging
from urlparse import urlparse
from netaddr import IPNetwork, IPAddress
import json
from pprint import pprint
from xml.dom import minidom
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
__author__ = '@TweekFawkes'
__website__ = 'Stage2Sec.com'
__blog__ = 'https://Stage2Sec.com/blog/'
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
'''
--- Nimbusland - AWS and Azure IP Check - Alpha v0.0.6 ---
Checks if an IP address is known to be assoicated with AWS or Azure
--- Example Usage ---
... look at the help ...
$ nimbusland-v0_0_6.py -h
... update / download ip ranges using -u ...
$ python nimbusland-v0_0_6.py -u 8.8.8.8
$ python nimbusland-v0_0_6.py 8.8.8.8
...
[+] Match Not Found: 8.8.8.8
$ python nimbusland-v0_0_6.py 51.140.0.1
...
[+] Match Found! 51.140.0.1, 51.140.0.0/20, uksouth, Azure
$ python nimbusland-v0_0_6.py 34.248.0.1
...
[+] Match Found! 34.248.0.1, 34.248.0.0/13, eu-west-1, Aws, EC2
--- Setup on Ubuntu 14.04 x64 ---
apt-get update
apt-get -y install python
apt-get -y install python-pip
pip install netaddr
apt-get -y install python-requests
pip install -U pip setuptools
pip install pyOpenSSL
pip install 'requests[security]'
$ python
Python 2.7.6 (default, Oct 26 2016, 20:30:19)
...
>>> exit()
--- References ---
AWS JSON
-- Download: https://ip-ranges.amazonaws.com/ip-ranges.json
-- Reference: https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/
Azure XML
-- Download: https://download.microsoft.com/download/0/1/8/018E208D-54F8-44CD-AA26-CD7BC9524A8C/PublicIPs_20171127.xml
-- Reference: https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653
'''
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
# Automatically Defined Variables
sScriptName = os.path.basename(__file__)
sVersion = 'Alpha v0.0.6'
#sUserAgentString = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
# Get the Arguments
parser = ArgumentParser(add_help=True)
parser.add_argument('ip',
action="store",
help="[required] ip e.g.: 8.8.8.8")
parser.add_argument("-u", "--update",
action="store_true", dest="fUpdate", default=False,
help="update ip ranges for aws and azure")
args = parser.parse_args()
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
logging.critical("""
\ | _) | | |
\ | | __ `__ \ __ \ | | __| | _` | __ \ _` |
|\ | | | | | | | | | \__ \ | ( | | | ( |
_| \_| _| _| _| _| _.__/ \__,_| ____/ _| \__,_| _| _| \__,_|
""")
logging.critical("[+] Nimbusland - Alpha v0.0.6")
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
sAwsFilename = 'ip-ranges.json'
sAwsUrl = 'https://ip-ranges.amazonaws.com/ip-ranges.json'
sAzureFilename = 'PublicIPs_20180416.xml'
sAzureUrl = 'https://download.microsoft.com/download/0/1/8/018E208D-54F8-44CD-AA26-CD7BC9524A8C/PublicIPs_20180416.xml'
if args.fUpdate is True:
try:
os.remove(sAwsFilename)
except:
logging.critical("[!] Could not delete aws file: " + str(sAwsFilename)) # sys.exc_info()[0]
try:
os.remove(sAzureFilename)
except:
logging.critical("[!] Could not delete azure file: " + str(sAzureFilename)) # sys.exc_info()[0]
if not os.path.isfile(sAwsFilename):
try:
logging.critical("[+] Downloading AWS IP Range File: " + str(int(args.fUpdate)))
r = requests.get(sAwsUrl, allow_redirects=True, verify=False)
open(sAwsFilename, 'wb').write(r.content)
except:
logging.critical("[!] Could not download aws file: " + str(sAwsFilename)) # sys.exc_info()[0]
if not os.path.isfile(sAzureFilename):
try:
logging.critical("[+] Downloading Azure IP Range File: " + str(int(args.fUpdate)))
r = requests.get(sAzureUrl, allow_redirects=True, verify=False)
open(sAzureFilename, 'wb').write(r.content)
except:
logging.critical("[!] Could not download azure file: " + str(sAzureFilename)) # sys.exc_info()[0]
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
sStartIp = str(args.ip).strip()
logging.critical("[-] sStartIp: " + sStartIp)
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
logging.critical("[-] Checking AWS Network Ranges")
json_data=open(sAwsFilename).read()
data = json.loads(json_data)
fMatch = False
fMatchAmazon = False
sLine = ''
for item in data["prefixes"]:
if IPAddress(sStartIp) in IPNetwork(str(item["ip_prefix"])):
if str(item["service"]) == "AMAZON":
fMatch = True
fMatchAmazon = True
sLine = "[+] Match Found in AWS! " + sStartIp + ", " + str(item["ip_prefix"]) + ", " + str(item["region"]) + ", Aws, " + str(item["service"])
else:
fMatch = True
sLine = "[+] Match Found in AWS! " + sStartIp + ", " + str(item["ip_prefix"]) + ", " + str(item["region"]) + ", Aws, " + str(item["service"])
if fMatch is True:
logging.critical( sLine )
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
logging.critical("[-] Checking Azure Network Ranges")
xmldoc = minidom.parse(sAzureFilename)
itemlist = xmldoc.getElementsByTagName('Region')
for s in itemlist:
sRegionName = str( s.attributes['Name'].value )
ilist = s.getElementsByTagName('IpRange')
for r in ilist:
sCidr = str(r.attributes['Subnet'].value)
if IPAddress(sStartIp) in IPNetwork(sCidr):
fMatch = True
logging.critical("[+] Match Found in Azure! " + sStartIp + ", " + str(sCidr) + ", " + str(sRegionName) + ", Azure")
# --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- # --- #
if fMatch is False:
logging.critical("[-] Match Not Found in AWS or Azure: " + sStartIp)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment