Add routes info

Author: evalphobia

README.md

@@ -98,6 +98,7 @@ Options:
   -h, --help       display help information
   -p, --provider  *set types of api provider (space separated) --provider='ipdata ipinfo minfraud'
   -i, --ip         input ip address --ip='8.8.8.8'
+      --route      set if you need route data from IRR --route
       --debug      set if you need verbose logs --debug
 ```
 
@@ -111,9 +112,9 @@ $ export FRAUD_CHECK_IPINFOIO_TOKEN=yyy
 # check ip address
 $ ./go-ip-fraud-check single -p 'ipdata ipinfo' -i 8.8.8.8
 
-2021/10/25 00:54:26 [INFO] [INFO] Use ipdata.co
-2021/10/25 00:54:26 [INFO] [INFO] Use ipinfo.io
-{"list":[{"service_name":"ipdata.co","ip":"8.8.8.8","hostname":"","isp":"Google LLC","organization":"","asn":15169,"risk_score":0,"is_anonymous":false,"is_anonymous_vpn":false,"is_hosting":false,"is_proxy":false,"is_tor":false,"is_bot":false,"is_bogon":false,"has_other_threat":false,"country":"US","city":"","region":"","latitude":0,"longitude":0,"error":""},{"service_name":"ipinfo.io","ip":"8.8.8.8","hostname":"dns.google","isp":"","organization":"Google LLC","asn":15169,"risk_score":0,"is_anonymous":false,"is_anonymous_vpn":false,"is_hosting":false,"is_proxy":false,"is_tor":false,"is_bot":false,"is_bogon":false,"has_other_threat":false,"country":"US","city":"Mountain View","region":"California","latitude":37.4056,"longitude":-122.0775,"error":""}]}
+2021/10/25 00:54:26 [INFO] Use ipdata.co
+2021/10/25 00:54:26 [INFO] Use ipinfo.io
+{"list":[{"service_name":"ipdata.co","ip":"8.8.8.8","hostname":"","isp":"Google LLC","organization":"","asn":15169,"risk_score":0,"is_anonymous":false,"is_anonymous_vpn":false,"is_hosting":false,"is_proxy":false,"is_tor":false,"is_bot":false,"is_bogon":false,"has_other_threat":false,"country":"US","city":"","region":"","latitude":0,"longitude":0,"error":""},{"service_name":"ipinfo.io","ip":"8.8.8.8","hostname":"dns.google","isp":"","organization":"Google LLC","asn":15169,"risk_score":0,"is_anonymous":false,"is_anonymous_vpn":false,"is_hosting":false,"is_proxy":false,"is_tor":false,"is_bot":false,"is_bogon":false,"has_other_threat":false,"country":"US","city":"Mountain View","region":"California","latitude":37.4056,"longitude":-122.0775,"error":""}],"as_prefix":["66.249.80.0/20","74.125.57.240/29","216.239.44.0/24", ...]}
 ```
 
 ### list command
@@ -122,6 +123,7 @@ $ ./go-ip-fraud-check single -p 'ipdata ipinfo' -i 8.8.8.8
 
 ```bash
 ./go-ip-fraud-check list -h
+
 Exec api call of ip address fraud check providers from csv list file
 
 Options:
@@ -130,6 +132,7 @@ Options:
   -p, --provider  *set types of api provider (space separated) --provider='ipdata ipinfo minfraud'
   -i, --input     *input csv/tsv file path --input='./input.csv'
   -o, --output    *output tsv file path --output='./output.tsv'
+      --route      set if you need route data from IRR (this might be slow) --route
       --debug      set if you use HTTP debug feature --debug
 ```
 
@@ -150,8 +153,8 @@ ip_address
 
 # check risk from the CSV file
 $ ./go-ip-fraud-check list -p 'ipdata ipinfo' -i ./input.csv -o ./output.tsv
-2021/10/25 00:58:29 [INFO] [INFO] Use ipdata.co
-2021/10/25 00:58:29 [INFO] [INFO] Use ipinfo.io
+2021/10/25 00:58:29 [INFO] Use ipdata.co
+2021/10/25 00:58:29 [INFO] Use ipinfo.io
 2021/10/25 00:58:30 [INFO] exec #: [2]
 2021/10/25 00:58:29 [INFO] exec #: [0]
 2021/10/25 00:58:31 [INFO] exec #: [1]
@@ -185,6 +188,7 @@ func main() {
         // you can set auth values to config directly, otherwise used from environment variables.
 		IPdatacoAPIKey:  "<your ipdata.co API key>",
 		IPinfoioToken:  "<your ipinfo.io API token>",
+		UseRoute:   true,
 		Debug:      false,
 	}
 

cmd/command_list.go

@@ -33,6 +33,7 @@ var outputHeader = []string{
 	"is_bot",
 	"is_bogon",
 	"has_other_threat",
+	// "as_routes", append by code
 }
 
 // parameters of 'list' command.
@@ -41,6 +42,7 @@ type listT struct {
 	Provider string `cli:"*p,provider" usage:"set types of api provider (space separated) --provider='ipdata ipinfo minfraud'"`
 	InputCSV string `cli:"*i,input" usage:"input csv/tsv file path --input='./input.csv'"`
 	Output   string `cli:"*o,output" usage:"output tsv file path --output='./output.tsv'"`
+	UseRoute bool   `cli:"route" usage:"set if you need route data from IRR (this might be slow) --route"`
 	Debug    bool   `cli:"debug" usage:"set if you use HTTP debug feature --debug"`
 }
 
@@ -67,6 +69,7 @@ type ListRunner struct {
 	Provider string
 	InputCSV string
 	Output   string
+	UseRoute bool
 	Debug    bool
 }
 
@@ -75,6 +78,7 @@ func newListRunner(p listT) ListRunner {
 		Provider: p.Provider,
 		InputCSV: p.InputCSV,
 		Output:   p.Output,
+		UseRoute: p.UseRoute,
 		Debug:    p.Debug,
 	}
 }
@@ -95,7 +99,8 @@ func (r *ListRunner) Run() error {
 		return err
 	}
 
-	maxReq := make(chan struct{}, 2)
+	maxReqNum := 3
+	maxReq := make(chan struct{}, maxReqNum)
 
 	providerList, err := getProvidersFromString(r.Provider)
 	if err != nil {
@@ -104,12 +109,16 @@ func (r *ListRunner) Run() error {
 
 	logger := &log.StdLogger{}
 	svc, err := ipfraudcheck.New(ipfraudcheck.Config{
-		Debug:  r.Debug,
-		Logger: logger,
+		UseRoute: r.UseRoute,
+		Debug:    r.Debug,
+		Logger:   logger,
 	}, providerList)
 	if err != nil {
 		panic(err)
 	}
+	if r.UseRoute {
+		outputHeader = append(outputHeader, "as_routes")
+	}
 
 	providerSize := len(providerList)
 	result := make([]string, len(lines)*providerSize)
@@ -151,6 +160,10 @@ func (r *ListRunner) execAPI(svc *ipfraudcheck.Client, param map[string]string)
 	for i, r := range resp.List {
 		row := make([]string, 0, len(outputHeader))
 		for _, v := range outputHeader {
+			if v == "as_routes" {
+				row = append(row, strings.Join(resp.ASPrefix, " "))
+				continue
+			}
 			row = append(row, getValue(param, r, v))
 		}
 		rows[i] = row

cmd/command_single.go

@@ -16,6 +16,7 @@ type singleT struct {
 	cli.Helper
 	Provider  string `cli:"*p,provider" usage:"set types of api provider (space separated) --provider='ipdata ipinfo minfraud'"`
 	IPAddress string `cli:"i,ip" usage:"input ip address --ip='8.8.8.8'"`
+	UseRoute  bool   `cli:"route" usage:"set if you need route data from IRR --route"`
 	Debug     bool   `cli:"debug" usage:"set if you need verbose logs --debug"`
 }
 
@@ -45,13 +46,15 @@ type SingleRunner struct {
 	// parameters
 	Provider  string
 	IPAddress string
+	UseRoute  bool
 	Debug     bool
 }
 
 func newSingleRunner(p singleT) SingleRunner {
 	return SingleRunner{
 		Provider:  p.Provider,
 		IPAddress: p.IPAddress,
+		UseRoute:  p.UseRoute,
 		Debug:     p.Debug,
 	}
 }
@@ -63,8 +66,9 @@ func (r *SingleRunner) Run() error {
 	}
 
 	svc, err := ipfraudcheck.New(ipfraudcheck.Config{
-		Debug:  r.Debug,
-		Logger: &log.StdLogger{},
+		UseRoute: r.UseRoute,
+		Debug:    r.Debug,
+		Logger:   &log.StdLogger{},
 	}, providerList)
 	if err != nil {
 		panic(err)

example/example_ipdataco.go

@@ -15,7 +15,9 @@ func main() {
 	flag.StringVar(&ipaddr, "ipaddr", "", "set target ip address")
 	flag.Parse()
 
-	svc, err := ipfraudcheck.New(ipfraudcheck.Config{}, []provider.Provider{
+	svc, err := ipfraudcheck.New(ipfraudcheck.Config{
+		UseRoute: true,
+	}, []provider.Provider{
 		&ipdataco.IPdatacoProvider{},
 	})
 	if err != nil {

example/example_ipinfoio.go

@@ -15,7 +15,9 @@ func main() {
 	flag.StringVar(&ipaddr, "ipaddr", "", "set target ip address")
 	flag.Parse()
 
-	svc, err := ipfraudcheck.New(ipfraudcheck.Config{}, []provider.Provider{
+	svc, err := ipfraudcheck.New(ipfraudcheck.Config{
+		UseRoute: true,
+	}, []provider.Provider{
 		&ipinfoio.IPinfoioProvider{},
 	})
 	if err != nil {

example/example_minfraud.go

@@ -15,7 +15,9 @@ func main() {
 	flag.StringVar(&ipaddr, "ipaddr", "", "set target ip address")
 	flag.Parse()
 
-	svc, err := ipfraudcheck.New(ipfraudcheck.Config{}, []provider.Provider{
+	svc, err := ipfraudcheck.New(ipfraudcheck.Config{
+		UseRoute: true,
+	}, []provider.Provider{
 		&minfraud.MinFraudProvider{},
 	})
 	if err != nil {

ipfraudcheck/config.go

@@ -24,9 +24,10 @@ type Config struct {
 	MinFraudLicenseKey string
 
 	// common option
-	Debug   bool
-	Timeout time.Duration
-	Logger  log.Logger
+	UseRoute bool
+	Debug    bool
+	Timeout  time.Duration
+	Logger   log.Logger
 }
 
 func (c Config) GetLogger() log.Logger {

ipfraudcheck/ipfraudcheck.go

@@ -10,6 +10,7 @@ import (
 type Client struct {
 	logger    log.Logger
 	providers []provider.Provider
+	useRoutes bool
 }
 
 func New(conf Config, providers []provider.Provider) (*Client, error) {
@@ -29,15 +30,29 @@ func New(conf Config, providers []provider.Provider) (*Client, error) {
 	logger := conf.GetLogger()
 
 	for _, e := range enabledProviders {
-		logger.Infof("[INFO] Use %s\n", e.String())
+		logger.Infof("Use %s\n", e.String())
 	}
 
 	return &Client{
 		logger:    logger,
 		providers: enabledProviders,
+		useRoutes: conf.UseRoute,
 	}, nil
 }
 
+func (c Client) RawCheckIP(ipaddr string) ([]interface{}, error) {
+	list := make([]interface{}, len(c.providers))
+	for i, p := range c.providers {
+		resp, err := p.RawCheckIP(ipaddr)
+		if err != nil {
+			return nil, err
+		}
+		list[i] = resp
+	}
+
+	return list, nil
+}
+
 func (c Client) CheckIP(ipaddr string) (Response, error) {
 	list := make([]provider.FraudCheckResponse, len(c.providers))
 	for i, p := range c.providers {
@@ -48,24 +63,33 @@ func (c Client) CheckIP(ipaddr string) (Response, error) {
 		list[i] = resp
 	}
 
-	return Response{
+	resp := Response{
 		List: list,
-	}, nil
+	}
+	if c.useRoutes {
+		asn, ok := resp.FindASN()
+		if ok {
+			cli := NewWhoisClient()
+			routes, err := cli.GetRoutes(asn)
+			if err != nil {
+				return resp, err
+			}
+			resp.ASPrefix = routes
+		}
+	}
+	return resp, nil
 }
 
 type Response struct {
-	List []provider.FraudCheckResponse `json:"list"`
+	List     []provider.FraudCheckResponse `json:"list"`
+	ASPrefix []string                      `json:"as_prefix"`
 }
 
-func (c Client) RawCheckIP(ipaddr string) ([]interface{}, error) {
-	list := make([]interface{}, len(c.providers))
-	for i, p := range c.providers {
-		resp, err := p.RawCheckIP(ipaddr)
-		if err != nil {
-			return nil, err
+func (r Response) FindASN() (int64, bool) {
+	for _, resp := range r.List {
+		if resp.ASNumber != 0 {
+			return resp.ASNumber, true
 		}
-		list[i] = resp
 	}
-
-	return list, nil
+	return 0, false
 }

ipfraudcheck/whois_routes.go

@@ -0,0 +1,90 @@
+package ipfraudcheck
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	defaultWhoisServer  = "whois.radb.net"
+	defaultWhoisPort    = 43
+	defaultWhoisTimeout = 30 * time.Second
+)
+
+type WhoisClient struct {
+	Server  string
+	Port    int
+	Timeout time.Duration
+}
+
+func NewWhoisClient() WhoisClient {
+	return WhoisClient{
+		Server:  defaultWhoisServer,
+		Port:    defaultWhoisPort,
+		Timeout: defaultWhoisTimeout,
+	}
+}
+
+func (c WhoisClient) GetRoutes(asn int64) ([]string, error) {
+	byt, err := whois(c.Server, c.Port, c.Timeout, asn)
+	if err != nil {
+		return nil, err
+	}
+
+	lines := strings.Split(string(byt), "\n")
+	routes := make([]string, 0, len(lines)/8)
+	for _, line := range lines {
+		if !strings.HasPrefix(line, "route") {
+			continue
+		}
+		route := strings.TrimSpace(
+			strings.TrimPrefix(
+				strings.TrimPrefix(line, "route6:"),
+				"route:"))
+		routes = append(routes, route)
+	}
+	return routes, nil
+}
+
+// codes are base on: https://github.com/likexian/whois
+func whois(server string, port int, timeout time.Duration, asn int64) ([]byte, error) {
+	dialer := &net.Dialer{
+		Timeout: timeout,
+	}
+
+	now := time.Now()
+	conn, err := dialer.Dial("tcp", net.JoinHostPort(server, strconv.Itoa(port)))
+	if err != nil {
+		return nil, fmt.Errorf("whois: connect to whois server failed: %w", err)
+	}
+	defer conn.Close()
+
+	// send query
+	_ = conn.SetWriteDeadline(time.Now().Add(dialer.Timeout - time.Since(now)))
+	query := getWhoisQuery(server, asn)
+	_, err = conn.Write([]byte(query + "\r\n"))
+	if err != nil {
+		return nil, fmt.Errorf("whois: send to whois server failed: %w", err)
+	}
+
+	// get response
+	_ = conn.SetReadDeadline(time.Now().Add(dialer.Timeout - time.Since(now)))
+	buf, err := ioutil.ReadAll(conn)
+	if err != nil {
+		return nil, fmt.Errorf("whois: read from whois server failed: %w", err)
+	}
+
+	return buf, nil
+}
+
+func getWhoisQuery(server string, asn int64) string {
+	switch server {
+	case "whois.radb.net":
+		return fmt.Sprintf("-i origin AS%d", asn)
+	}
+	return fmt.Sprintf("AS%d", asn)
+}