Skip to content

Instantly share code, notes, and snippets.

@dafthack
Created April 27, 2020 16:34
Show Gist options
  • Save dafthack/53df74a43502cdf6b04ba33ff526f71b to your computer and use it in GitHub Desktop.
Save dafthack/53df74a43502cdf6b04ba33ff526f71b to your computer and use it in GitHub Desktop.
Quick script to check a list of IP addresses against Azure, AWS, and GCP netblock ranges.
#! /bin/bash
## You need to install grepcidr and jq first
## sudo apt-get install grepcidr jq
##
## AWS and GCP ranges will be created automatically
##
## Because of the way Microsoft hosts the ranges go manually download the public range
## from here: https://www.microsoft.com/en-us/download/details.aspx?id=56519
##
## Put your list of IPs you want to check against the cloud providers in a file called iplist-uniq.txt
## one IP per line.
##
## Run the script passing the Azure json file in as an argument
## ./grepcloud.sh ServiceTags_Public_20200420.json
AZURELIST=$1
jq '.values[].properties.addressPrefixes[]' $AZURELIST | sed 's/"//g' > azure-ranges.txt
IPLIST=`cat iplist-uniq.txt`
set -- $(dig -t txt +short _cloud-netblocks.googleusercontent.com +trace)
##Getting GCP Network Ranges
echo "----Creating GCP Range List-----"
included="" ip4=""
while [ $# -gt 0 ]; do
k="${1%%:*}" v="${1#*:}"
case "$k" in
include)
# only include once
if [ "${included% $v *}" = "${included}" ]; then
set -- "$@" $(dig -t txt +short "$v")
included=" $v $included"
fi
;;
ip4) ip4="$v $ip4" ;;
esac
shift
done
for i in $ip4; do
echo "$i" >> gcp-ranges.txt
done
##Getting AWS Network Ranges
echo "-----Creating AWS Range List-----"
curl -o aws.json https://ip-ranges.amazonaws.com/ip-ranges.json
jq '.prefixes[].ip_prefix' aws.json | sed 's/"//g' > aws-ranges.txt
##AWS
echo "------Now Checking AWS Ranges------"
for IP in $IPLIST; do
grepcidr -f aws-ranges.txt <(echo "$IP") >/dev/null && \
echo "$IP is in the AWS ranges"
done
##AZURE
echo "------Now Checking Azure Ranges------"
for IP in $IPLIST; do
grepcidr -f azure-ranges.txt <(echo "$IP") >/dev/null && \
echo "$IP is in the Azure ranges"
done
##GCP
echo "------Now Checking GCP Ranges------"
for IP in $IPLIST; do
grepcidr -f gcp-ranges.txt <(echo "$IP") >/dev/null && \
echo "$IP is in the Azure ranges"
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment