Security Incidents mailing list archives

Announce: abuseEmail - Finds out abuse email addresses for a specified IP address


From: Guillaume Filion <gfk () LOGIDAC COM>
Date: Sat, 17 Feb 2001 15:15:22 -0500

Hi all,

Recently there was a discussion in this mailing list about Handling
Scans and some people expressed their interest in an automated tool to
find the abuse email address of a specified IP address. I said that
I've been wanting to do something like this for a long time, so
instead of just saying it, I spent my Friday night/Saturday morning
coding it.

The result is a 14 KB Perl script that works pretty well. I've tried
it with about half a hundred IP addresses and I always got good
results. Of course, I'm sure that there are still bugs and a lack of
functionality in many aspects and I'm very open to your comments and
suggestions.

The script is available here: http://logidac.com/abuseEmail/

If you want to know how the script works, well you can look at the
code, but you can also use the -v (verbose) flag. Here's an example:
------
[gfk@cesam gfk]$ abuseEmail.pl 208.56.76.14
postmaster () logidac com,abuse () alabanza com
[gfk@cesam gfk]$ abuseEmail.pl -v 208.56.76.14
Checking if 208.56.76.14 is a Private ip address...no
Checking if 208.56.76.14 is a reserved ip address...no
Checking the hostname associated with 208.56.76.14... logidac.com

Checking for this hostname at abuse.net...found postmaster () logidac com

Checking DNS zone's Start of Authority on the hostname...not found.
on the ip address...found: hostmaster.alabanza.com

Checking for this SOA at abuse.net...found abuse () alabanza com


Found these abuse addresses: postmaster () logidac com,abuse () alabanza com
Confidence: 1 (the more, the better).
------

Best,
GFK's
--
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
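
The local steps visible in the -v output above (private/reserved check, the reverse-DNS name, and turning the SOA result into a domain to look up), as an added Python example that is not taken from abuseEmail.pl. The network lists, the function names, and the reading of the SOA value as an RNAME-style mailbox name are assumptions; DNS answers are passed in as arguments so nothing is sent over the network.

```python
import ipaddress

# Constructed lists for illustration; abuseEmail.pl's own tables are not shown on the page.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESERVED = [ipaddress.ip_network(n) for n in
            ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def classify(ip):
    """Return 'private', 'reserved' or 'public' for an IPv4 address string."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in PRIVATE):
        return "private"
    if any(addr in net for net in RESERVED):
        return "reserved"
    return "public"

def reverse_zone_name(ip):
    """Name queried for the PTR and SOA records 'on the ip address'."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def rname_to_mailbox(rname):
    """Decode an SOA RNAME: the first unescaped dot separates local part and domain."""
    rname = rname.rstrip(".")
    local, i = [], 0
    while i < len(rname):
        if rname[i] == "\\" and i + 1 < len(rname):   # '\.' is a literal dot in the local part
            local.append(rname[i + 1])
            i += 2
        elif rname[i] == ".":
            return "".join(local) + "@" + rname[i + 1:]
        else:
            local.append(rname[i])
            i += 1
    raise ValueError("RNAME has no domain part: %r" % rname)

def domains_to_query(ip, ptr_host=None, soa_rname=None):
    """Domains to look up for abuse contacts, in the order of the -v output."""
    # ptr_host / soa_rname: DNS answers passed in by the caller (hypothetical parameters).
    if classify(ip) != "public":
        return []            # nobody outside the local network to report to
    domains = []
    if ptr_host:
        domains.append(ptr_host.rstrip(".").lower())
    if soa_rname:
        domain = rname_to_mailbox(soa_rname).split("@", 1)[1].lower()
        if domain not in domains:
            domains.append(domain)
    return domains
```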
