Check.py is an extended lookup tool to pull information about an IP address or domain.
It currently does the following things (all or selectable):
- Query Google Safe Browsing API for website reputation.
- Query Web Of Trust API for website reputation and categories.
- Query and cache several domain- and IP blacklist sources for matches.
- Query PassiveDNS from PassiveTotal and VirusTotal.
- Query VirusTotal for matches for target address.
- Query MetaScan for matches for target address.
- Search Twitter for mentions of domain name or IP address.
- Retrieve certificate information with OpenSSL.
- Query WHOIS for domain name and IP address.
- Query local GeoIP database.
- Query spam blocklists for address.
- Ping the host.
- Check common ports for available services.
- Try to retrieve and show HTTP headers from said ports.
Some modules require registration to the service and a free API key.
I wrote this to quickly pull information on a network address of interest. Usually, to gather this information you need to run several commands and access several websites - this script gathers everything in one place and formats the output in a pleasing manner. With basic usage of "check.py -d example.com -a" you can run all modules and save the output in a log file. For processing the log file later on you can suppress colour and graphics.
This might be useful for sysadmins, secops, investigators or whoever needs to quickly and efficiently assess a network resource.
With default options it does contact the host directly, but there are modules that query external resources which can pull a lot of interesting information.
It is also the first thing I've written in Python so that's what it looks like.
API keys should be added to apikeys.conf, for which a template is automatically created on first run if the file is not found.
If you run into trouble, email me at antti@kurittu.org and I'll try to help!
Tested with Debian and OS X, I have no idea or interest whether this thing works on Windows.
See requirements.txt for dependencies.
Better documentation coming up later...