SpoofFinder is a tool designed to check whether a target ASN (Autonomous System Number) supports IP header modification, commonly referred to as IP spoofing. The tool fetches and analyzes data from multiple sources, providing a comprehensive report on the spoofing status of a given ASN, IP address, or CIDR range.
- π‘οΈ ASN Spoofing Check: Determines whether an ASN allows IP header modification (IPHM), indicating whether the ASN supports spoofed packet routing.
- π Detailed ASN Information: Retrieves detailed information about an ASN, including country, number of routed IPs, and last spoofing check.
- π§ Email and Phone Parsing: Extracts contact details (email, phone) from public ASN databases.
- π Related Links Search: Performs search engine queries for related server information based on the ASN.
- π Rich CLI Output: Utilizes
rich
for visually appealing, colorful logs and outputs.
Follow these steps to quickly set up and run SpoofFinder:
-
Clone the repository:
git clone https://github.com/MatrixTM/SpoofFinder.git cd spoof-finder
-
Install dependencies: Ensure you have Python 3.7+ installed. Then, run:
pip install -r requirements.txt
-
Run the tool: You can check the spoofing status of an ASN, IP, or CIDR range using the following command:
python spoof_finder.py -t AS15169
-
Interactive Mode: If you don't pass any arguments, SpoofFinder will prompt you to input a target interactively:
python spoof_finder.py
SpoofFinder depends on the following Python libraries:
pip install httpx netaddr rich aioconsole git+https://github.com/soxoj/async-search-scraper
SpoofFinder can be run from the command line, passing the target ASN, IP address, or CIDR range as an argument.
To check if ASN 15169 (Google) supports IP header modification:
python spoof_finder.py -t AS15169
You can also use an IP address or CIDR range to find the corresponding ASN and check its spoofing status:
python spoof_finder.py -t 8.8.8.8
- ASN: Autonomous System Number (e.g.,
AS15169
or just15169
). - IP Address: Will resolve the IP to its corresponding ASN and check the spoofing status.
- CIDR Range: Supports input of IP ranges in CIDR format (e.g.,
8.8.8.0/24
).
Here is an example of the tool's output:
[21:23:25] π Fetching data for ASN: AS15169...
[21:23:28] π ASN Name: GOOGLE
π’ ASN Number: AS15169
π Site: google.com
π ASN Rank: 1790
π‘οΈ Spoofable: No
π Country: USA
π Client IPv4: 35.194.140.0/24
β±οΈ Last Checked: Dec 21 2017 08:40 AM
π§ Contact Email: network-abuse@google.com
π Contact Phone: +1-650-253-0000
[21:23:55] π Related Links:
- https://cloud.google.com/
- https://console.cloud.google.com/
- https://cloud.google.com/gcp/
- https://cloud.google.com/compute/
- https://www.google.com/about/datacenters/
- https://cloud.google.com/products/calculator
- https://cloud.google.com/hosting-options/
- https://www.google.com/about/datacenters/efficiency/
- https://www.google.com/about/datacenters/locations/
- https://en.wikipedia.org/wiki/Google_data_centers
- https://cloud.google.com/serverless/
- https://cloud.google.com/compute/vm-instance-pricing
- https://www.google.com/about/datacenters/gallery/
- https://blog.google/products/google-cloud/introducing-google-cloud/
- https://www.google.com/
- https://support.google.com/?hl=en
- https://accounts.google.com/
- https://about.google/intl/ALL_us/
- https://www.google.com/advanced_search
- https://maps.google.com/
- https://en.wikipedia.org/wiki/Google
- https://www.google.de/
- https://www.google.es/
- https://www.google.com.br/
- https://www.google.ie/intl/en/
- https://www.google.com.mx/
- https://www.google.dk/index.html
- https://www.google.com.tw/
SpoofFinder gathers ASN and IP spoofing data from multiple sources, including:
- caida.org: For information on ASN spoofing status.
- arin.net: For obtaining contact information (email, phone) associated with ASNs.
- ipapi.co: For IP geolocation and ASN details based on the target IP.
spoof_finder.py
: The main script that handles checking ASN spoofing status and gathering additional information.README.md
: This file, providing project documentation.requirements.txt
: A list of Python libraries and their versions required to run the tool.LICENSE
: The license information for the project.
This project is licensed under the MIT License. See the LICENSE file for details.
We welcome contributions! Feel free to open issues or submit pull requests. Please follow the repository's guidelines for code style and contributions.
- βοΈ Add more data sources to check spoofing capabilities.
- ποΈ Implement caching to reduce API call overhead for repeated queries.
- π§ Improved error handling and log management.