TL;DR

I would like to extract the Provider, range Start, range End and the name of the provider from the output of whois in an automated way, but that output varies by provider, so I would like help extracting those three pieces of information for any provider.

Details

I've got a list of IPs. I want to check the provider for each IP with the help of whois in my script and want to pipe it to a database using mysql.

I want to fill a MySQL table with the IP ranges of the provider, but only if the range of the provider is already there.

i.e. IP=187.187.187.187 whois $IP and then get the provider name and the range of the segment, but only if I don't already have it in my table

I got a plan that it should look something like this:

function ip2dec ...
function dec2ip ...

function awhois (){ ... 
     THEPROVIDER=$(whois $1 | grep PROVIDER) #<- i don't know how to grep 
     THERANGESTART=$(whois $1 | grep START) #<- i don't know how to grep
     THERANGEENDING=$(whois $1 | grep END) #<- i don't know how to grep
}

while read line; do 
    DECIP=`ip2dec $line`
    if [[ ! $(mysql -u$THEUSER -p$PASSWORD -h$THEHOST -e "select iprangestart, iprangeend from $DATABASE.$TABLE where $DECIP BETWEEN iprangestart and iprangeend" 2>/dev/null) ]];
        then
        awhois $line
        mysql -u$THEUSER -p$PASSWORD -h$THEHOST -e \
           "INSERT INTO $DATABASE.$TABLE (iprangestart, iprangeend, provider) 
                VALUES ( \"$THERANGESTART\", \"$THERANGEENDING\", \"$THEPROVIDER\")" 2>/dev/null
    fi
done < data/allips

But I don't really know how to grep the provider and the range, since it has a different pattern from provider to provider.

  • You're very close, that's how you define a function in bash. Is this not working for you? Can you add to your question what output you get? – joanis Jan 27 '21 at 13:20
  • Here's what looks like a good tutorial: https://linuxize.com/post/bash-functions/ – joanis Jan 27 '21 at 13:22
  • In fact, I just did some tests, and your function should work as written and as used. – joanis Jan 27 '21 at 13:24
  • @joanis Sorry, my English isn't good at all. I had a different question in mind. My problem was the grep, since it is different from provider to provider inside whois. Still, thank you :) – Mohsen Teta Jan 27 '21 at 14:02
  • Oh, I see. Thanks for updating the question, then! I don't have easy access to whois right now, so I won't be able to help you with that, sorry. – joanis Jan 27 '21 at 14:36
  • This may help: https://unix.stackexchange.com/q/342489/327696 – joanis Jan 27 '21 at 14:44

1 Answer

I gave up after trying a lot of different ways to get the provider name with the help of whois, and tried this instead.

I had to use wget since curl didn't give me anything useful.

This is the final result:

function ip2dec(){ # Convert an IPv4 IP number to its decimal equivalent.
      declare -i a b c d;
      IFS=. read a b c d <<<"$1";
      echo "$(((a<<24)+(b<<16)+(c<<8)+d))";
}

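while read ipadd; do 
    # Skip anything that is not a plain dotted quad: the value is used in arithmetic, SQL, a URL and a file name below.
    [[ $ipadd =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
    DECIP=`ip2dec $ipadd`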
    if [[ $(mysql -N -u$THEUSER -p$PASSWORD -h$THEHOST -e "select providername from $DATABASE.$TABLE where $DECIP >= providerrangestart and $DECIP <= providerrangeende" 2>/dev/null| wc -l) -eq 0 ]];
    then
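        WHOIS=$(whois "$ipadd")  # query whois once and reuse the output
        INET=$(echo "$WHOIS" | egrep -i -m1 "inetnum")     # first "inetnum:" range line
        NETRAN=$(echo "$WHOIS" | egrep -i -m1 "netrange")  # ARIN prints "NetRange:", so match case-insensitively
        # wget prints nothing useful on stdout; write the page to a file named after the IP and read that file
        ISPP="$ipadd"
        wget -q -O "$ISPP" "https://www.whoismyisp.org/ip/$ipadd"
        THEPROVIDER=`grep -oP -m1 '(?<=isp">).*(?=</p)' "$ISPP" | cut -c -31`
        # The name comes from a remote page and is pasted into an SQL string below: keep only harmless characters
        THEPROVIDER=${THEPROVIDER//[^[:alnum:] .&_-]/}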
        if [[ $(echo "$THEPROVIDER" | egrep -i 'D2VODAFONE|Arcor|Vodafone D2') ]]; then 
            THEPROVIDER="Vodafone GmbH"
        elif [[ $(echo "$THEPROVIDER" | egrep -i "Telefonica|Telefonica O2") ]]; then
            THEPROVIDER="Deutsche Telekom AG"
        elif [[ $(echo "$THEPROVIDER" | egrep -i "1&1 Versatel Deutschland GmbH|1&1 Internet SE") ]]; then
            THEPROVIDER="1&1 GmbH"
        fi

        if [[ $INET ]];then 
            echo "new dump"
            RANGESTART=`echo $INET | awk '{print $2}'`
            DECRANGESTART=`ip2dec $RANGESTART`
            echo "Rangestart: $DECRANGESTART"
            RANGEEND=`echo $INET | awk '{print $4}'`
            DECRANGEEND=`ip2dec $RANGEEND`
            echo "Rangeend: $RANGEEND"
            echo "Provider: $THEPROVIDER"
            echo ""
            mysql -u$THEUSER -p$PASSWORD -h$THEHOST -e "INSERT INTO $DATABASE.$TABLE (providerrangestart, providerrangeende, providername) VALUES ( \"$DECRANGESTART\", \"$DECRANGEEND\", \"$THEPROVIDER\")" 2>/dev/null 

        elif [[ $NETRAN ]]; then
            echo "new dump"
            RANGESTART=`echo $NETRAN | awk '{print $2}'`
            DECRANGESTART=`ip2dec $RANGESTART`
            echo "Rangestart: $RANGESTART"
            RANGEEND=`echo $NETRAN | awk '{print $4}'`
            DECRANGEEND=`ip2dec $RANGEEND`
            echo "Rangeend: $RANGEEND"
            echo "Provider: $THEPROVIDER"
            echo ""
            mysql -u$THEUSER -p$PASSWORD -h$THEHOST -e "INSERT INTO $DATABASE.$TABLE (providerrangestart, providerrangeende, providername) VALUES ( \"$DECRANGESTART\", \"$DECRANGEEND\", \"$THEPROVIDER\")" 2>/dev/null            

        else 
            echo "Failed to obtain ISP and IP-Range" 
            echo -e "$ipadd \n"
        fi
        rm $ipadd
    fi
done < data/allips
rm data/allips
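
The range and name extraction that the question asks about can be done from the whois text alone. The following is an added example, not part of the original post. It goes beyond the `inetnum`/`netrange` lines used above by also accepting a `a.b.c.d/len` range and by picking the provider from several name fields. The field names `org-name:` and `owner:`, the CIDR layout and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# parse_whois: whois text on stdin -> "start<TAB>end<TAB>provider" (decimal range).
# Exit status 1 if no usable range line was found.
parse_whois() {
    awk '
    function ip2dec(ip,    o, i) {          # dotted quad -> integer, -1 if invalid
        if (split(ip, o, ".") != 4) return -1
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {                                 # name fields; lower rank is preferred
        rank["orgname:"] = 1; rank["org-name:"] = 2; rank["owner:"] = 3
        rank["descr:"] = 4; rank["netname:"] = 5; best = 99
    }
    { key = tolower($1) }
    (key == "inetnum:" || key == "netrange:") && !found {
        s = -1
        if ($3 == "-") {                    # a.b.c.d - e.f.g.h
            s = ip2dec($2); e = ip2dec($4)
        } else if (split($2, c, "/") == 2 && c[2] ~ /^[0-9]+$/ && c[2] + 0 <= 32) {
            size = 2 ^ (32 - c[2]); s = ip2dec(c[1])      # a.b.c.d/len
            if (s >= 0) { s = int(s / size) * size; e = s + size - 1 }
        }
        if (s >= 0 && e >= s) found = 1
    }
    (key in rank) && rank[key] < best {
        val = $0
        sub(/^[^:]*:[ \t]*/, "", val)
        gsub(/[^A-Za-z0-9 .&_-]/, "", val)  # allowlist keeps quotes out of the SQL
        if (val != "") { name = substr(val, 1, 31); best = rank[key] }
    }
    END {
        if (!found) exit 1
        printf "%.0f\t%.0f\t%s\n", s, e, name
    }'
}
# Constructed samples (documentation addresses, not real registry output).
sample_ripe() { printf '%s\n' 'inetnum:        192.0.2.0 - 192.0.2.255' \
    'netname:        EXAMPLE-NET' 'descr:          Example Provider GmbH'; }
sample_arin() { printf '%s\n' 'NetRange:       198.51.100.0 - 198.51.100.255' \
    'OrgName:        Example "ISP"; Inc.'; }
sample_cidr() { printf '%s\n' 'inetnum:     203.0.113.64/26' \
    'owner:       Example Telecom S.A.'; }
for f in sample_ripe sample_arin sample_cidr; do $f | parse_whois; done
```

In the loop above, `whois "$ipadd" | parse_whois` would replace the separate `inetnum`/`netrange` branches; the three tab-separated fields can be read with `IFS="$(printf '\t')" read start end name`.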