.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .if !\nF .nr F 0 .if \nF>0 \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} .\} .\" ======================================================================== .\" .IX Title "Net::Abuse::Utils 3pm" .TH Net::Abuse::Utils 3pm "2016-12-11" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Net::Abuse::Utils \- Routines useful for processing network abuse .SH "VERSION" .IX Header "VERSION" version 0.25 .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 3 \& use Net::Abuse::Utils qw( :all ); \& print "IP Whois Contacts: ", join( \*(Aq \*(Aq, get_ipwi_contacts($ip) ), "\en"; \& print "Abuse.net Contacts: ", get_abusenet_contact($domain), "\en"; .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" Net::Abuse::Utils provides several functions useful for determining information about an \s-1IP\s0 address including contact/reporting addresses, ASN/network info, reverse dns, and \s-1DNSBL\s0 listing status. Functions which take an \s-1IP\s0 accept either IPv6 or IPv4 IPs unless indicated otherwise. .SH "NAME" Net::Abuse::Utils \- Routines useful for processing network abuse .SH "VERSION" .IX Header "VERSION" version 0.24 .SH "CONFIGURATION" .IX Header "CONFIGURATION" There is a \f(CW@RESOLVERS\fR package variable you can use to specify name servers different than the systems nameservers for queries from this module. If you intend to use Google's nameservers here, please see This issue on GitHub for a note of caution . .SH "FUNCTIONS" .IX Header "FUNCTIONS" The following functions are exportable from this module. You may import all of them into your namespace with the \f(CW\*(C`:all\*(C'\fR tag. .SS "get_asn_info ( \s-1IP \s0)" .IX Subsection "get_asn_info ( IP )" Returns a list containing (\s-1ASN,\s0 Network/Mask, \s-1CC\s0 code, \s-1RIR,\s0 modified date) for the network announcing \f(CW\*(C`IP\*(C'\fR. .SS "get_all_asn_info ( \s-1IP \s0)" .IX Subsection "get_all_asn_info ( IP )" Returns a reference to a list of listrefs containing \s-1ASN\s0(s), Network,Mask, \&\s-1CC\s0 code, \s-1RIR,\s0 and modified date fall all networks announcing \f(CW\*(C`IP\*(C'\fR. .SS "get_peer_info ( \s-1IP \s0)" .IX Subsection "get_peer_info ( IP )" IPv4 Only. Returns an array of hash references containing (\s-1ASN,\s0 Network/Mask, \&\s-1CC\s0 code, \s-1RIR,\s0 modified date) for the peers of the network announcing \f(CW\*(C`IP\*(C'\fR. .SS "get_as_description ( \s-1ASN \s0)" .IX Subsection "get_as_description ( ASN )" Returns the \s-1AS\s0 description for \f(CW\*(C`ASN\*(C'\fR. .SS "get_as_company ( \s-1ASN \s0)" .IX Subsection "get_as_company ( ASN )" Similar to \f(CW\*(C`get_as_description\*(C'\fR but attempts to clean it up some before returning it. .SS "get_soa_contact( \s-1IP \s0)" .IX Subsection "get_soa_contact( IP )" Returns the \s-1SOA\s0 contact email address for the reverse \s-1DNS /24\s0 zone containing \f(CW\*(C`IP\*(C'\fR. .SS "get_ipwi_contacts( \s-1IP \s0)" .IX Subsection "get_ipwi_contacts( IP )" Returns a list of all email addresses found in whois information for \f(CW\*(C`IP\*(C'\fR with duplicates removed. .SS "get_rdns( \s-1IP \s0)" .IX Subsection "get_rdns( IP )" Returns the reverse \s-1PTR\s0 for \f(CW\*(C`IP\*(C'\fR. .SS "get_dnsbl_listing( \s-1IP, DNSBL\s0 zone )" .IX Subsection "get_dnsbl_listing( IP, DNSBL zone )" IPv4 Only. Returns the listing text for \f(CW\*(C`IP\*(C'\fR for the designated \s-1DNSBL. \&\s0\f(CW\*(C`DNSBL zone\*(C'\fR should be the zone used for looking up addresses in the blocking list. .SS "get_ip_country( \s-1IP \s0)" .IX Subsection "get_ip_country( IP )" Returns the 2 letter country code for \f(CW\*(C`IP\*(C'\fR. .SS "get_asn_country( \s-1ASN \s0)" .IX Subsection "get_asn_country( ASN )" Returns the 2 letter country code for \f(CW\*(C`ASN\*(C'\fR. .SS "get_abusenet_contact ( domain )" .IX Subsection "get_abusenet_contact ( domain )" Returns the abuse.net listed contact email addresses for \f(CW\*(C`domain\*(C'\fR. .SS "is_ip ( \s-1IP \s0)" .IX Subsection "is_ip ( IP )" Returns true if \f(CW\*(C`IP\*(C'\fR looks like an \s-1IP,\s0 false otherwise. .SS "get_domain ( \s-1IP \s0)" .IX Subsection "get_domain ( IP )" Takes a hostname and attempts to return the domain name. .SS "get_malware ( md5 )" .IX Subsection "get_malware ( md5 )" Takes a malware md5 hash and tests it against http://www.team\-cymru.org/Services/MHR. Returns a \s-1HASHREF\s0 of last_seen and detection_rate. .SH "DIAGNOSTICS" .IX Header "DIAGNOSTICS" Each subroutine will return undef if unsuccessful. In the future, debugging output will be available. .SH "CONFIGURATION AND ENVIRONMENT" .IX Header "CONFIGURATION AND ENVIRONMENT" There are two commented out lines that can be uncommented to enable Memoize support. I haven't yet decided whether to include this option by default. It may be made available in the future via an import flag to use. .SH "DEPENDENCIES" .IX Header "DEPENDENCIES" This module makes use of the following modules: .PP Net::IP, Net::DNS, Net::Whois::IP, and Email::Address .SH "BUGS AND LIMITATIONS" .IX Header "BUGS AND LIMITATIONS" There are no known bugs in this module. Please report problems to Michael Greb (mgreb@linode.com) .PP Patches are welcome. .SH "ACKNOWLEDGEMENTS" .IX Header "ACKNOWLEDGEMENTS" This module was inspired by Karsten M. Self's SpamTools shell scripts, available at http://linuxmafia.com/~karsten/. .PP Thanks as well to my employer, Linode.com, for allowing me the time to work on this module. .PP Rik Rose, Jon Honeycutt, Brandon Hale, \s-1TJ\s0 Fontaine, A. Pagaltzis, and Heidi Greb all provided invaluable input during the development of this module. .SH "SEE ALSO" .IX Header "SEE ALSO" For a detailed usage example, please see examples/ip\-info.pl included in this module's distribution. .SH "AUTHORS" .IX Header "AUTHORS" .IP "\(bu" 4 mikegrb .IP "\(bu" 4 Wes Young .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" This software is copyright (c) 2013 by Mike Greb. .PP This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. .SH "AUTHORS" .IX Header "AUTHORS" .IP "\(bu" 4 mikegrb .IP "\(bu" 4 Wes Young .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" This software is copyright (c) 2013 by =over 4. .PP This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. .SH "AUTHORS" .IX Header "AUTHORS" .IP "\(bu" 4 mikegrb .IP "\(bu" 4 Wes Young .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" This software is copyright (c) 2013 by =over 4. .PP This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.