1#!/usr/bin/perl 2 3# whois_lookup.pl, distributed as part of Snortsnarf v021111.1 4# Author: James Hoagland, Silicon Defense (hoagland@SiliconDefense.com) 5# copyright (c) 2000 by Silicon Defense (http://www.silicondefense.com/) 6# Released under GNU General Public License, see the COPYING file included 7# with the distribution or http://www.silicondefense.com/software/snortsnarf/ 8# for details. 9 10# whois_lookup.pl is a Pipeline module used to obtain a list of contact 11# e-mail addresses for an IP address using IPAddrContact.pm 12# pipeline args: Ip address, output loc 13# side effect: output loc gets a comma-separated list of e-mail addresses 14 15# Please send complaints, kudos, and especially improvements and bugfixes to 16# hoagland@SiliconDefense.com. As described in GNU General Public License, no 17# warranty is expressed for this program. 18 19sub process { 20 require "sisr_utils.pl"; 21 use IPAddrContact; 22 my ($input)= shift; 23 @_ == 2 || (&reporterr("whois_lookup.pl takes 2 arguments (address,output file/envvar), but got:".join(' ',@_),0) && return 0); 24 my $outloc= pop(@_); 25 26 my ($addrs,$fld)= &arg_to_val($input,@_); 27 28 my @emails= (); 29 while ($addrs =~ s/([\w\.\-]+)//) { 30 push(@emails,&lookup($1,0)); 31 } 32 33 my $res= join(',',@emails); 34 35 &write_out_to_arg($input,$outloc,$res); 36}; 37 38\&process; 39 40# $Id: whois_lookup.pl,v 1.12 2001/10/18 18:23:25 jim Exp $ 41