-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathorigin_ip.sh
58 lines (48 loc) · 1.73 KB
/
origin_ip.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/bin/bash
# API keys (replace with your own keys)
VT_API_KEY="APIKEY"
# Function to fetch IP addresses from VirusTotal
fetch_vt_ips() {
local domain=$1
echo "Querying VirusTotal for $domain..."
curl -s "https://www.virustotal.com/vtapi/v2/domain/report?domain=$domain&apikey=$VT_API_KEY" | \
jq -r '..|.ip_address? // empty' | \
grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' || echo "No IPs found in VirusTotal."
}
# Function to fetch IP addresses from AlienVault
fetch_otx_ips() {
local domain=$1
echo "Querying AlienVault for $domain..."
curl -s "https://otx.alienvault.com/api/v1/indicators/hostname/$domain/url_list?limit=500&page=1" | \
jq -r '.url_list[]?.result?.urlworker?.ip // empty' | \
grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' || echo "No IPs found in AlienVault."
}
# Function to fetch IP addresses from URLScan
fetch_urlscan_ips() {
local domain=$1
echo "Querying URLScan for $domain..."
curl -s "https://urlscan.io/api/v1/search/?q=domain:$domain&size=10000" | \
jq -r '.results[].page?.ip? // empty' | \
grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' || echo "No IPs found in URLScan."
}
# Main function
main() {
if [ -z "$1" ]; then
echo "Usage: $0 <domain_name_or_url>"
exit 1
fi
local domain=$1
local output_file="${domain}_ips.txt"
echo "Collecting IP addresses for: $domain"
echo "-------------------------------------"
# Fetch IPs from all sources
{
fetch_vt_ips "$domain"
fetch_otx_ips "$domain"
fetch_urlscan_ips "$domain"
} | sort -u | tee "$output_file"
echo "-------------------------------------"
echo "IP addresses saved to: $output_file"
}
# Run the main function
main "$@"