Skip to content
/ csp-ip-lookup Public

API and Website to check if an IP address belongs to a Cloud Service Provider

License

MIT license
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

daniel-infosec/csp-ip-lookup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
csp-lookup-diagram.png
csp-lookup-diagram.png
 
 
private_api_code.py
private_api_code.py
 
 
public_api_code.py
public_api_code.py
 
 

Repository files navigation

csp-ip-lookup

Quick Usage

Go to the following website and punch in the IP Address

https://catscrdl.retool.com/embedded/public/e927ef61-2853-4b36-9993-47fa7e6011d3

Or you can use a curl command to lookup multiple IP addresses

curl -X POST https://csp-ip-lookup.catscrdl.io/collectCSPsPublicAPI \
  --header 'Content-Type: application/json' \
  -d '{
    "ip_addresses": [
      "52.127.53.105",
      "35.134.66.241",
      "99.87.32.45"
    ]
}'

Caching

You can choose to set an optional flag in the JSON body called "cached". It will use the cached version by default. This cache updates about every 15 minutes. If this value is false, it'll use a live lookup. The live lookup may be more accurate but it will also take longer.

curl -X POST https://csp-ip-lookup.catscrdl.io/collectCSPsPublicAPI \
  --header 'Content-Type: application/json' \
  -d '{
    "ip_addresses": [
      "52.127.53.105",
      "35.134.66.241",
      "99.87.32.45"
    ]
    , "cached": false
}'

Output

Output is properly formatted JSON structured as follows:

[
  {
    "ip_address": ip_address,
    "data": {
      "cloud", cloud,
      "region", [regions],
      "service", [services],
      "ip_range", [ip_ranges],
      "date",date
    }
  }
]

If one or more regions, services, or ranges match, the JSON object will return a list. If only one matches, it will be a list with one element.

Diagram and Architecture

Snowflake serves as the center of the operation (I work at Snowflake, but I do really enjoy using it). I built an external function so that when I do select collect_csp_cidr_ranges(), the code in private_api_code.py runs and reaches out to various sources to pull the list of latest public IP addresses from the 3 major CSPs. Additionally, a task runs every 15 minutes to run this code and update a table (also stored in Snowflake).

Retool queries Snowflake directly and runs a query very similar to the one in public_api_code.py to search the public IP ranges.

The API uses AWS API Gateway to run public_api_code.py which uses the Snowflake REST API to query either the table or call the external function.

Architecture Diagram

Credits

Aidan Steele (https://twitter.com/__steele) for a code review and the initial request

Paul Schwarzenberger (https://twitter.com/paulschwarzen) for feedback on the API output

Mark Manning (https://twitter.com/antitree) for advice on error handling

You can find me at https://twitter.com/Daniel_Infosec

About

API and Website to check if an IP address belongs to a Cloud Service Provider

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages