I have a daily report in the csv file format of a list of public IP addresses and I need to fill in the Hostname for the public IP. The Hostname can be an OrgId or netname.

I need to do a bash script to automate the whois search instead of searching manually one by one and filling it up on the csv file.

Example: This is an excerpt of a long list of public IP addresses

    Port,Type,S_Host,S_IP,Port,D_Host,D_IP,Port
    2,tcp,N/A,8.8.8.8,2,N/A,47.246.57.232,8
    3,tcp,N/A,47.246.57.232,2,N/A,217.17.81.9,3

I need to do a whois search on the IPs in columns 4 and 7, then fill in the Hostname in fields 3 and 6.

Desired output:

    Port,Type,S_Host,S_IP,Port,D_Host,D_IP,Port
    2,tcp,Google,8.8.8.8,2,Alibaba,47.246.57.232,8
    3,tcp,Alibaba,47.246.57.232,2,MVTV,217.17.81.9,3

1 Answer

A very simple approach could be to read the list of IP addresses (i.e. pubIP.lst) and write it out into a new file but with resolved hostnames (i.e. hosts.lst).

    #!/bin/bash

    resolveHostname() {
      # You may change or extend this function to your needs
      dig -x "$1" +short
    }

    # Make sure there is no file with resolved hostnames
    # (-f: do not fail when the file does not exist yet)
    rm -f hosts.lst

    # IFS= and -r keep each line exactly as it is in the file
    while IFS= read -r LINE; # by line from a list
    do

      # Each Comma Separated Value (CSV) into a variable

      PORT=$(echo "${LINE}" | cut -d "," -f 1)
      TYPE=$(echo "${LINE}" | cut -d "," -f 2)

      # SRC_HOST=$(echo "${LINE}" | cut -d "," -f 3)
      SRC_IP=$(echo "${LINE}" | cut -d "," -f 4)
      SRC_PORT=$(echo "${LINE}" | cut -d "," -f 5)

      # DEST_HOST=$(echo "${LINE}" | cut -d "," -f 6)
      DEST_IP=$(echo "${LINE}" | cut -d "," -f 7)
      DEST_PORT=$(echo "${LINE}" | cut -d "," -f 8)

      # And write the columns out into a new file
      # but for Col 3,6 with hostnames instead of IP
      # (the IPs are quoted so a malformed field cannot split into extra arguments)

      echo "${PORT},${TYPE},$(resolveHostname "${SRC_IP}"),${SRC_IP},${SRC_PORT},$(resolveHostname "${DEST_IP}"),${DEST_IP},${DEST_PORT}" >> hosts.lst

    done < pubIP.lst

Thanks to

U880D
  • I believe the 'dig -x "$1" +short' refers to the first column? Correct me if I'm wrong. – scriptdummy May 17 '20 at 05:20
  • You may have a look into [passing parameters to a Bash function](https://stackoverflow.com/questions/6212219/). I'll include this into the credits. In general, the function block `resolveHostname` will take the given `SRC_IP` or `DEST_IP`, resolve it to a hostname and print it out. So it will depend on the parameter you'll put in and where you'll have the function to print out. – U880D May 17 '20 at 05:53
  • Okay got it. Thank you! – scriptdummy May 17 '20 at 07:52
  • I encountered another problem when using this solution. The command matches all the private IP addresses as well. What can I add so that it only matches public IPs? Also, the other values in the column, including the header, return empty. I want to retain the values in the column if it does not match anything. How can I do it? – scriptdummy Jun 10 '20 at 08:28
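
An added example, not part of the original thread or the answer's code: a POSIX-shell variant that uses `whois` as the question asks, skips private and reserved addresses, and keeps the existing field (including the header) when nothing is found. `WHOIS_CMD`, the function names and the preference for OrgName/org-name over netname are assumptions made for this example.

```bash
# Added example (not from the thread). WHOIS_CMD is an assumed hook, default: whois.
WHOIS_CMD=${WHOIS_CMD:-whois}

# Succeeds only for a well-formed IPv4 address outside the ranges checked below.
is_public_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, at most 3 digits
    [ "$o" -le 255 ] || return 1
  done
  case $1 in 0|10|127) return 1 ;; esac      # 0/8, 10/8 (RFC 1918), loopback
  [ "$1" -ge 224 ] && return 1               # multicast and reserved
  [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1  # 100.64/10
  [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1                     # link-local
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1   # 172.16/12
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1                     # 192.168/16
  return 0
}

# whois text on stdin -> OrgName/org-name, else netname. Registry text is
# untrusted: drop anything that could break the CSV or start a formula.
org_from_whois() {
  awk -F': *' '
    { k = tolower($1); sub(/[ \t\r]+$/, "", $2) }
    (k == "orgname" || k == "org-name") && org == "" { org = $2 }
    k == "netname" && net == "" { net = $2 }
    END { v = (org != "") ? org : net
          gsub(/[^A-Za-z0-9 ._-]/, "", v); sub(/^[- ]+/, "", v); print v }'
}

# $1 = IP, $2 = current field value (kept for non-public IPs and empty answers).
lookup_name() {
  name=
  is_public_ipv4 "$1" && name=$("$WHOIS_CMD" "$1" </dev/null 2>/dev/null | org_from_whois)
  printf '%s' "${name:-$2}"
}

# CSV on stdin -> CSV on stdout with fields 3 and 6 filled from fields 4 and 7.
enrich_csv() {
  while IFS=, read -r port type s_host s_ip s_port d_host d_ip d_port || [ -n "$port" ]; do
    printf '%s,%s,%s,%s,%s,%s,%s,%s\n' "$port" "$type" \
      "$(lookup_name "$s_ip" "$s_host")" "$s_ip" "$s_port" \
      "$(lookup_name "$d_ip" "$d_host")" "$d_ip" "$d_port"
  done
}

if [ -n "${1:-}" ]; then enrich_csv < "$1"; fi   # usage: sh enrich.sh pubIP.lst > hosts.lst
```

Each row can trigger up to two whois queries, so for long reports cache results per IP to stay within registry rate limits.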