README
1NAME
2
3 Net::Abuse::Utils - Routines useful for processing network abuse
4
5VERSION
6
7 version 0.27
8
9SYNOPSIS
10
11 use Net::Abuse::Utils qw( :all );
12 print "IP Whois Contacts: ", join( ' ', get_ipwi_contacts($ip) ), "\n";
13 print "Abuse.net Contacts: ", get_abusenet_contact($domain), "\n";
14
15DESCRIPTION
16
17 Net::Abuse::Utils provides serveral functions useful for determining
18 information about an IP address including contact/reporting addresses,
19 ASN/network info, reverse dns, and DNSBL listing status. Functions
20 which take an IP accept either IPv6 or IPv4 IPs unless indicated
21 otherwise.
22
23CONFIGURATION
24
25 There is a @RESOLVERS package variable you can use to specify name
26 servers different than the systems nameservers for queries from this
27 module. If you intend to use Google's nameservers here, please see This
28 issue on GitHub for a note of caution
29 <https://github.com/mikegrb/Net-Abuse-Utils/issues/9#issuecomment-24387435>.
30
31FUNCTIONS
32
33 The following functions are exportable from this module. You may import
34 all of them into your namespace with the :all tag.
35
36 get_asn_info ( IP )
37
38 Returns a list containing (ASN, Network/Mask, CC code, RIR, modified
39 date) for the network announcing IP.
40
41 get_all_asn_info ( IP )
42
43 Returns a reference to a list of listrefs containting ASN(s),
44 Network,Mask, CC code, RIR, and modified date fall all networks
45 announcing IP.
46
47 get_peer_info ( IP )
48
49 IPv4 Only. Returns an array of hash references containing (ASN,
50 Network/Mask, CC code, RIR, modified date) for the peers of the network
51 announcing IP.
52
53 get_as_description ( ASN )
54
55 Returns the AS description for ASN.
56
57 get_as_company ( ASN )
58
59 Similiar to "get_as_description" but attempts to clean it up some
60 before returning it.
61
62 get_soa_contact( IP )
63
64 Returns the SOA contact email address for the reverse DNS /24 zone
65 containing IP.
66
67 get_ipwi_contacts( IP )
68
69 Returns a list of all email addresses found in whois information for IP
70 with duplicates removed.
71
72 get_rdns( IP )
73
74 Returns the reverse PTR for IP.
75
76 get_dnsbl_listing( IP, DNSBL zone )
77
78 IPv4 Only. Returns the listing text for IP for the designated DNSBL.
79 DNSBL zone should be the zone used for looking up addresses in the
80 blocking list.
81
82 get_ip_country( IP )
83
84 Returns the 2 letter country code for IP.
85
86 get_asn_country( ASN )
87
88 Returns the 2 letter country code for ASN.
89
90 get_abusenet_contact ( domain )
91
92 Returns the abuse.net listed contact email addresses for domain.
93
94 is_ip ( IP )
95
96 Returns true if IP looks like an IP, false otherwise.
97
98 get_domain ( IP )
99
100 Takes a hostname and attempts to return the domain name.
101
102 get_malware ( md5 )
103
104 Takes a malware md5 hash and tests it against
105 http://www.team-cymru.org/Services/MHR. Returns a HASHREF of last_seen
106 and detection_rate.
107
108DIAGNOSTICS
109
110 Each subroutine will return undef if unsuccessful. In the future,
111 debugging output will be available.
112
113CONFIGURATION AND ENVIRONMENT
114
115 There are two commented out lines that can be uncommented to enable
116 Memoize support. I haven't yet decided whether to include this option
117 by default. It may be made available in the future via an import flag
118 to use.
119
120DEPENDENCIES
121
122 This module makes use of the following modules:
123
124 Net::IP, Net::DNS, Net::Whois::IP, and Email::Address::XS
125
126BUGS AND LIMITATIONS
127
128 There are no known bugs in this module. Please report problems to
129 Michael Greb (mgreb@linode.com)
130
131 Patches are welcome.
132
133ACKNOWLEDGEMENTS
134
135 This module was inspired by Karsten M. Self's SpamTools shell scripts,
136 available at http://linuxmafia.com/~karsten/.
137
138 Thanks as well to my employer, Linode.com, for allowing me the time to
139 work on this module.
140
141 Rik Rose, Jon Honeycutt, Brandon Hale, TJ Fontaine, A. Pagaltzis, and
142 Heidi Greb all provided invaluable input during the development of this
143 module.
144
145SEE ALSO
146
147 For a detailed usage example, please see examples/ip-info.pl included
148 in this module's distribution.
149
150AUTHORS
151
152 * mikegrb <michael@thegrebs.com>
153
154 * Wes Young <github@barely3am.com>
155
156COPYRIGHT AND LICENSE
157
158 This software is copyright (c) 2013 by Mike Greb.
159
160 This is free software; you can redistribute it and/or modify it under
161 the same terms as the Perl 5 programming language system itself.
162
163AUTHORS
164
165 * mikegrb <michael@thegrebs.com>
166
167 * Wes Young <github@barely3am.com>
168
169COPYRIGHT AND LICENSE
170
171 This software is copyright (c) 2013-2018 by Michael Greb
172
173 This is free software; you can redistribute it and/or modify it under
174 the same terms as the Perl 5 programming language system itself.
175
176AUTHORS
177
178 * mikegrb <michael@thegrebs.com>
179
180 * Wes Young <github@barely3am.com>
181
182COPYRIGHT AND LICENSE
183
184 This software is copyright (c) 2013 by =over 4.
185
186 This is free software; you can redistribute it and/or modify it under
187 the same terms as the Perl 5 programming language system itself.
188
189