PowerShell Netblock Owner Lookup

I was recently challenged with something interesting: given a large list of DNS names, resolve the IP address for each domain and then find the owner of that IP address. That became the requirements for a PowerShell netblock owner lookup script. I put together a quick little script that accepts the path to a CSV file containing a list of domain names (in a column named Domain). It then outputs a CSV file in the same directory containing the domain name, IP address, and owner of the netblock.

Scripting a PowerShell Netblock Owner Lookup

The first thing I looked into was the best way to find the owner of an IP address. Fortunately, the American Registry for Internet Numbers (ARIN) now has a REST API to query data about any IP address. The API is accessed using the address http://whois.arin.net/rest/ip/x.x.x.x. For example, http://whois.arin.net/rest/ip/192.149.252.75 returns the address information. The API also supports various return formats, selected by adding an extension such as .txt, .xml, or .json to the end. For my PowerShell script I'm going to use the JSON format because PowerShell will automatically convert it into objects.

I'm going to use the Invoke-RestMethod cmdlet to call the ARIN REST API. When we're just reading from an API, calling Invoke-RestMethod with the URL as the parameter returns an object containing all the data items as properties. I found that there are two types of ARIN records: Direct Assignment (DA) and Reassigned (S). Depending on the type, the owner name is found in a different property.

For resolving IP addresses I'm using the .NET call [System.Net.Dns]::GetHostAddresses(HOST_NAME)[0].IPAddressToString. One issue I found with this call is that it tries to resolve the name several times and then times out. If you have a lot of names that don't resolve, this script could take quite a while to run. There may be a better way to do this by calling another API, but I haven't looked into it.

Finally I’m writing out the DNS Name, IP Address, and Network Owner to a CSV file using the Add-Content cmdlet. This script runs pretty quickly and is very accurate at finding Netblock Owners.

param (
        [Parameter(Mandatory=$true)]
        [String]$InputFile
)

Write-Host " "
Write-Host "                                                            " -BackgroundColor DarkCyan
Write-Host "          IP Owner Lookup                                   " -BackgroundColor DarkCyan
Write-Host "                                                            " -BackgroundColor DarkCyan

Write-Host " "

# ARIN Function
function Lookup-Owner
{
  param (
    [string]$hostiplookup
  )

  # Setup URL
  $restURL = "http://whois.arin.net/rest/ip/" + $hostiplookup + ".json"

  # Call REST API (the JSON response is converted to an object automatically)
  $output = Invoke-RestMethod $restURL

  # Determine Type of Entry (the JSON text value is exposed as the '$' property)
  $entrytype = $output.net.netblocks.netblock.type.'$'

  # Based on the type of entry pull the Owner Name from different fields:
  # Reassigned (S) records carry it in customerRef, the others in orgRef
  if ($entrytype -eq "S"){
    $corpname = $output.net.customerRef.'@name'
  }else{
    $corpname = $output.net.orgRef.'@name'
  }

  return $corpname
}

function Lookup-IP
{
  param (
    [string]$hostnamelookup
  )
  $ipresult = $null 
  
  # Try to resolve the DNS Name
  try{
    $ipresult = [System.Net.Dns]::GetHostAddresses($hostnamelookup)[0].IPAddressToString
  }
  catch{ #not found
  }
  
  # If we can't resolve the name, return null
  return $ipresult
}

# Script Configuration
$outputfile = $InputFile + "." + [guid]::NewGuid() + ".csv"

Write-Host "Loading IPs from $InputFile"	
$records = Import-Csv $InputFile


foreach ($r in $records)
{
  # Grab the domain name field
  $hostname = $($r.Domain)
  
  # Lookup IP Address
  $hostip = Lookup-IP $hostname
  
  # If the IP resolved, lookup the owner from ARIN
  if ($null -eq $hostip){
    Write-Warning "$hostname did not resolve to an IP Address"
    $outputline = $hostname + ",Unknown IP,Unknown Network Owner"
  }else{
    Write-Host "Performing Lookup of $hostname - $hostip...."
    $owner = Lookup-Owner $hostip
    Write-Host "       found owner as $owner"
    # Quote the owner so a name containing a comma stays in one CSV column
    $outputline = $hostname + "," + $hostip + ',"' + ("$owner" -replace '"', '""') + '"'
  }

  # Write output to new CSV file
  Add-Content $outputfile $outputline
}

Write-Host "Completed lookups, wrote output to $outputfile"
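
The record-type handling described above can be exercised offline. This is an added example, not part of the original script: it applies the same owner selection to constructed JSON samples trimmed to the fields the script reads. The sample data and the Get-OwnerFromArinRecord helper name are assumptions. It also covers a response with more than one netblock and an owner name containing a comma.

```powershell
# Constructed sample responses (not real ARIN data), trimmed to the fields read below.
$samples = [ordered]@{
  direct     = '{"net":{"orgRef":{"@name":"Example Org"},"netBlocks":{"netBlock":{"type":{"$":"DA"}}}}}'
  reassigned = '{"net":{"customerRef":{"@name":"Example Customer, Inc."},"netBlocks":{"netBlock":{"type":{"$":"S"}}}}}'
  multiblock = '{"net":{"orgRef":{"@name":"Example Org"},"netBlocks":{"netBlock":[{"type":{"$":"DA"}},{"type":{"$":"DA"}}]}}}'
  empty      = '{"net":{"netBlocks":{"netBlock":{"type":{"$":"DA"}}}}}'
}

# Hypothetical helper: same decision as Lookup-Owner, but working on an already parsed record.
function Get-OwnerFromArinRecord
{
  param (
    [Parameter(Mandatory=$true)]
    $Record
  )

  # netblock may be one object or an array; @() gives a list of type codes either way
  $types = @($Record.net.netblocks.netblock | ForEach-Object { $_.type.'$' })

  # Reassigned (S) records name the owner in customerRef, others in orgRef
  if (($types -contains 'S') -and $Record.net.customerRef) {
    $name = $Record.net.customerRef.'@name'
  } else {
    $name = $Record.net.orgRef.'@name'
  }

  # Never return an empty owner; use the same marker the script writes for failures
  if ([string]::IsNullOrWhiteSpace($name)) {
    $name = 'Unknown Network Owner'
  }

  return $name
}

$rows = foreach ($key in $samples.Keys) {
  $record = $samples[$key] | ConvertFrom-Json
  [pscustomobject]@{
    Sample = $key
    Owner  = Get-OwnerFromArinRecord $record
  }
}

# ConvertTo-Csv quotes each field, so "Example Customer, Inc." remains a single column
$rows | ConvertTo-Csv -NoTypeInformation
```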

 


 

My name is Edgar Frost. I have 40 years of experience working in Information Technology, starting with the mainframe and also working with distributed technologies, LDAP, and Siteminder. My goal is to bring an Enterprise mindset to technology.