- get_asn_info ( IP )
- get_peer_info ( IP )
- get_as_description ( ASN )
- get_as_company ( ASN )
- get_soa_contact( IP )
- get_ipwi_contacts( IP )
- get_rdns( IP )
- get_dnsbl_listing( IP, DNSBL zone )
- get_ip_country( IP )
- get_asn_country( ASN )
- get_abusenet_contact ( domain )
- is_ip ( IP )
- get_domain ( IP )
- get_malware ( md5 )
- CONFIGURATION AND ENVIRONMENT
- BUGS AND LIMITATIONS
- SEE ALSO
- COPYRIGHT AND LICENSE
Net::Abuse::Utils - Routines useful for processing network abuse
use Net::Abuse::Utils qw( :all ); print "IP Whois Contacts: ", join( ' ', get_ipwi_contacts($ip) ), "\n"; print "Abuse.net Contacts: ", get_abusenet_contact($domain), "\n";
Net::Abuse::Utils provides serveral functions useful for determining information about an IP address including contact/reporting addresses, ASN/network info, reverse dns, and DNSBL listing status. Functions which take an IP accept either IPv6 or IPv4 IPs unless indicated otherwise.
There is a
@RESOLVERS package variable you can use to specify name servers different than the systems nameservers for queries from this module. If you intend to use Google's nameservers here, please see This issue on GitHub for a note of caution.
The following functions are exportable from this module. You may import all of them into your namespace with the
get_asn_info ( IP )
Returns a list containing (ASN, Network/Mask, CC code, RIR, modified date) for the network announcing
get_peer_info ( IP )
IPv4 Only. Returns an array of hash references containing (ASN, Network/Mask, CC code, RIR, modified date) for the peers of the network announcing
get_as_description ( ASN )
Returns the AS description for
get_as_company ( ASN )
get_as_description but attempts to clean it up some before returning it.
get_soa_contact( IP )
Returns the SOA contact email address for the reverse DNS /24 zone containing
get_ipwi_contacts( IP )
Returns a list of all email addresses found in whois information for
IP with duplicates removed.
get_rdns( IP )
Returns the reverse PTR for
get_dnsbl_listing( IP, DNSBL zone )
IPv4 Only. Returns the listing text for
IP for the designated DNSBL.
DNSBL zone should be the zone used for looking up addresses in the blocking list.
get_ip_country( IP )
Returns the 2 letter country code for
get_asn_country( ASN )
Returns the 2 letter country code for
get_abusenet_contact ( domain )
Returns the abuse.net listed contact email addresses for
is_ip ( IP )
Returns true if
IP looks like an IP, false otherwise.
get_domain ( IP )
Takes a hostname and attempts to return the domain name.
get_malware ( md5 )
Takes a malware md5 hash and tests it against http://www.team-cymru.org/Services/MHR. Returns a HASHREF of last_seen and detection_rate.
Each subroutine will return undef if unsuccessful. In the furture, debugging output will be available.
CONFIGURATION AND ENVIRONMENT
There are two commented out lines that can be uncommented to enable Memoize support. I haven't yet decided whether to include this option by default. It may be made available in the future via an import flag to use.
This module makes use of the following modules:
BUGS AND LIMITATIONS
There are no known bugs in this module. Please report problems to Michael Greb (email@example.com)
Patches are welcome.
This module was inspired by Karsten M. Self's SpamTools shell scripts, available at http://linuxmafia.com/~karsten/.
Thanks as well to my employer, Linode.com, for allowing me the time to work on this module.
Rik Rose, Jon Honeycutt, Brandon Hale, TJ Fontaine, A. Pagaltzis, and Heidi Greb all provided invaluable input during the development of this module.
For a detailed usage example, please see examples/ip-info.pl included in this module's distribution.
Wes Young <firstname.lastname@example.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2013 by Mike Greb.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.