Merge branch 'InfoSecChecker'

Makefile

@@ -2,10 +2,10 @@ install:
 	go install cmd/checkip.go
 
 run: install
-	checkip 140.82.114.4
+	checkip 91.228.166.47
+	checkip 209.141.33.65
 	checkip 218.92.0.158
-	checkip 92.118.160.17
-	checkip -j 92.118.160.17 | jq -r '.[] | select(.Type=="Sec") | "\(.Name) => \(.IsMalicious)"'
+	checkip -j 218.92.0.158 | jq -r '.[] | select(.Type=="Sec" or .Type=="InfoSec") | "\(.Name) => \(.IsMalicious)"'
 
 PLATFORMS := linux/amd64 darwin/amd64 linux/arm windows/amd64
 

README.md

@@ -1,9 +1,9 @@
 # checkip
 
 `checkip` is a CLI tool and library that checks an IP address using various
-public services.
+public services. It provides generic and security information.
 
-<img src="checkip.png" width="600">
+<img src="checkip.png" width="700">
 
 ## Installation and configuration
 

abuseipdb.go

@@ -70,3 +70,7 @@ func (a *AbuseIPDB) Check(ipaddr net.IP) error {
 func (a *AbuseIPDB) IsMalicious() bool {
 	return a.Data.TotalReports > 0 && !a.Data.IsWhitelisted && a.Data.AbuseConfidenceScore > 25
 }
+
+func (a *AbuseIPDB) Info() string {
+	return fmt.Sprintf("domain: %s, usage type: %s", na(a.Data.Domain), na(a.Data.UsageType))
+}

as.go

@@ -41,7 +41,7 @@ func (a *AS) Check(ipaddr net.IP) error {
 
 // Info returns interesting information from the check.
 func (a *AS) Info() string {
-	return a.Description
+	return fmt.Sprintf("AS description: %s", na(a.Description))
 }
 
 // search searches the ippadrr in tsvFile and if found fills in AS data.

checkip.go

@@ -35,6 +35,11 @@ type SecChecker interface {
 	Checker
 }
 
+type InfoSecChecker interface {
+	InfoChecker
+	SecChecker
+}
+
 // Result holds the result of a check.
 type Result struct {
 	Name        string
@@ -61,6 +66,9 @@ func Run(checkers []Checker, ipaddr net.IP) []Result {
 				errMsg = redactSecrets(err.Error())
 			}
 			switch v := c.(type) {
+			case InfoSecChecker:
+				r := Result{Name: v.String(), Type: "InfoSec", Data: v, Info: v.Info(), IsMalicious: v.IsMalicious(), Err: err, ErrMsg: errMsg}
+				res = append(res, r)
 			case InfoChecker:
 				r := Result{Name: v.String(), Type: "Info", Data: v, Info: v.Info(), Err: err, ErrMsg: errMsg}
 				res = append(res, r)
@@ -76,11 +84,6 @@ func Run(checkers []Checker, ipaddr net.IP) []Result {
 	return res
 }
 
-func redactSecrets(s string) string {
-	key := regexp.MustCompile(`(key|pass|password)=\w+`)
-	return key.ReplaceAllString(s, "${1}=REDACTED")
-}
-
 type byName []Result
 
 func (x byName) Len() int           { return len(x) }
@@ -96,14 +99,15 @@ func Print(results []Result) error {
 		if r.Err != nil {
 			log.Print(r.ErrMsg)
 		}
-		if r.Type == "Info" {
+		if r.Type == "Info" || r.Type == "InfoSec" {
 			fmt.Printf("%-15s %s\n", r.Name, r.Info)
-			continue
 		}
-		if r.IsMalicious {
-			malicious++
+		if r.Type == "Sec" || r.Type == "InfoSec" {
+			totalSec++
+			if r.IsMalicious {
+				malicious++
+			}
 		}
-		totalSec++
 	}
 	probabilityMalicious := malicious / totalSec
 
@@ -128,3 +132,25 @@ func PrintJSON(results []Result) error {
 	enc := json.NewEncoder(os.Stdout)
 	return enc.Encode(&results)
 }
+
+func redactSecrets(s string) string {
+	key := regexp.MustCompile(`(key|pass|password)=\w+`)
+	return key.ReplaceAllString(s, "${1}=REDACTED")
+}
+
+func na(s string) string {
+	if s == "" {
+		return "n/a"
+	}
+	return s
+}
+
+func nonEmpty(strings ...string) []string {
+	var ss []string
+	for _, s := range strings {
+		if s != "" {
+			ss = append(ss, s)
+		}
+	}
+	return ss
+}

cmd/checkip.go

@@ -35,9 +35,7 @@ func main() {
 		&checkip.Blocklist{},
 		&checkip.CINSArmy{},
 		&checkip.DNS{},
-		&checkip.ET{},
 		&checkip.Geo{},
-		&checkip.IP{},
 		&checkip.IPsum{},
 		&checkip.OTX{},
 		&checkip.Shodan{},

dns.go

@@ -1,6 +1,7 @@
 package checkip
 
 import (
+	"fmt"
 	"net"
 	"strings"
 )
@@ -23,5 +24,9 @@ func (d *DNS) Check(ipaddr net.IP) error {
 
 // Info returns interesting information from the check.
 func (d *DNS) Info() string {
-	return strings.Join(d.Names, ", ")
+	msg := "DNS name"
+	if len(d.Names) > 1 {
+		msg += "s"
+	}
+	return fmt.Sprintf("%s: %s", msg, na(strings.Join(d.Names, ", ")))
 }

geo.go

@@ -49,14 +49,5 @@ func (g *Geo) Check(ip net.IP) error {
 
 // Info returns interesting information from the check.
 func (g *Geo) Info() string {
-	if g.City == "" {
-		g.City = "city unknown"
-	}
-	if g.Country == "" {
-		g.Country = "country unknown"
-	}
-	if g.IsoCode == "" {
-		g.IsoCode = "ISO code unknown"
-	}
-	return fmt.Sprintf("%s, %s (%s)", g.City, g.Country, g.IsoCode)
+	return fmt.Sprintf("city: %s, country: %s, ISO code: %s", na(g.City), na(g.Country), na(g.IsoCode))
 }

shodan.go

@@ -13,7 +13,7 @@ import (
 type Shodan struct {
 	Org   string `json:"org"`
 	Data  data   `json:"data"`
-	Os    string `json:"os"`
+	OS    string `json:"os"`
 	Ports []int  `json:"ports"`
 }
 
@@ -61,11 +61,6 @@ func (x byPort) Swap(i, j int)      { x[i], x[j] = x[j], x[i] }
 
 // Info returns interesting information from the check.
 func (s *Shodan) Info() string {
-	os := "OS unknown"
-	if s.Os != "" {
-		os = s.Os
-	}
-
 	var portInfo []string
 	sort.Sort(byPort(s.Data))
 	for _, d := range s.Data {
@@ -82,7 +77,8 @@ func (s *Shodan) Info() string {
 		if product == "" && version == "" {
 			portInfo = append(portInfo, fmt.Sprintf("%s/%d", d.Transport, d.Port))
 		} else {
-			portInfo = append(portInfo, fmt.Sprintf("%s/%d (%s, %s)", d.Transport, d.Port, product, version))
+			ss := nonEmpty(product, version)
+			portInfo = append(portInfo, fmt.Sprintf("%s/%d (%s)", d.Transport, d.Port, strings.Join(ss, ", ")))
 		}
 	}
 
@@ -94,5 +90,5 @@ func (s *Shodan) Info() string {
 		portStr += ":"
 	}
 
-	return fmt.Sprintf("%s, %d open %s %s", os, len(portInfo), portStr, strings.Join(portInfo, ", "))
+	return fmt.Sprintf("OS: %s, %d open %s %s", na(s.OS), len(portInfo), portStr, strings.Join(portInfo, ", "))
 }

virustotal.go

@@ -5,20 +5,28 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"strings"
 )
 
 // VirusTotal holds information about an IP address from virustotal.com.
 type VirusTotal struct {
 	Data struct {
 		Attributes struct {
-			Reputation        int `json:"reputation"`
+			Reputation        int    `json:"reputation"`
+			Network           string `json:"network"`
+			ASowner           string `json:"as_owner"`
 			LastAnalysisStats struct {
 				Harmless   int `json:"harmless"`
 				Malicious  int `json:"malicious"`
 				Suspicious int `json:"suspicious"`
 				Timeout    int `json:"timeout"`
 				Undetected int `json:"undetected"`
 			} `json:"last_analysis_stats"`
+			LastHTTPScert struct {
+				Extensions struct {
+					SAN []string `json:"subject_alternative_name"`
+				} `json:"extensions"`
+			} `json:"last_https_certificate"`
 		} `json:"attributes"`
 	} `json:"data"`
 }
@@ -58,3 +66,7 @@ func (vt *VirusTotal) IsMalicious() bool {
 	// https://developers.virustotal.com/reference#ip-object
 	return vt.Data.Attributes.Reputation < 0
 }
+
+func (vt *VirusTotal) Info() string {
+	return fmt.Sprintf("AS onwer: %s, network: %s, SAN: %s", na(vt.Data.Attributes.ASowner), na(vt.Data.Attributes.Network), na(strings.Join(vt.Data.Attributes.LastHTTPScert.Extensions.SAN, ", ")))
+}