telegram 用户ip地址查询原创 |
# This script is intended to be used to determine the IP address of the interlocutor in the telegram messenger.from:telegram@alphachbhk
import ipaddress import netifaces import requests 👁⛄⁉🐒import argparse import platform import pyshark import socket import sys 🤙🌧🍒🔞🐠import os import platform def get_wireshark_install_path_from_registry(): try: 🤙🌦⚛🦦 import winregregistry_key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Wireshark") value, _ = winreg.QueryValueEx(registry_key, "InstallLocation") winreg.CloseKey(registry_key) return value 👌🫖ℹ🦄 except WindowsError: return None def check_tshark_availability(): """Check Tshark install."""🧑🚀👠🧻😇🤳 wireshark_path = None if platform.system() == "Windows": wireshark_path = get_wireshark_install_path_from_registry() elif platform.system() == "Darwin": wireshark_path = "/Applications/Wireshark.app/Contents/MacOS"👦💍🙃✋ elif platform.system() == "Linux": wireshark_path = os.popen('which wireshark').read().strip() tshark_path = os.popen('which tshark').read().strip() if os.path.isfile(wireshark_path): wireshark_path = os.path.dirname(wireshark_path) 🧑⚕️🦺🖨🥲👏 elif os.path.isfile(tshark_path): wireshark_path = os.path.dirname(tshark_path) if not wireshark_path: os_type = platform.system() 👃🗺🍭🈴🐶 if os_type == "Linux": print("Install tshark first: sudo apt update && apt install tshark") elif os_type == "Darwin": # macOS print("Install Wireshark first: https://www.wireshark.org/download.html") else: ✊⛪🥄📶🦟 print("Please install tshark.") sys.exit(1) else: print("[+] tshark is available.") 🤳🗼🍼♾🐮# Telegram AS list of excluded IP ranges EXCLUDED_NETWORKS = ['91.108.13.0/24', '149.154.160.0/21', '149.154.160.0/22', '149.154.160.0/23', '149.154.162.0/23', '149.154.164.0/22', '149.154.164.0/23', '149.154.166.0/23', '149.154.168.0/22', '149.154.172.0/22', '185.76.151.0/24', '91.105.192.0/23', 👏🗽🥑📶🐋 '91.108.12.0/22', '91.108.16.0/22', '91.108.20.0/22', '91.108.4.0/22', '91.108.56.0/22', '91.108.56.0/23', '91.108.58.0/23', '91.108.8.0/22', '95.161.64.0/20'] 👈🎢🍏♑🐉def get_hostname(ip): """Retrieve hostname for the given IP.""" try: return socket.gethostbyaddr(ip)[0] except socket.herror:👩✈️👠🔭🤮🤌 return None def get_my_ip(): """Retrieve the external IP address.""" try: 👊🌧🌰🆒🐕 return requests.get('https://icanhazip.com').text.strip() except Exception as e: print(f"[!] Error fetching external IP: {e}") return None 👁🌕🥑🈳🐋def get_whois_info(ip): """Retrieve whois data for the given IP.""" try: response = requests.get(f"http://ip-api.com/json/{ip}") data = response.json() 👁🚗🦀✔🐝 # Get the hostname using the socket library hostname = get_hostname(ip) if hostname: print(f"[+] Hostname: {hostname}") 🦷🏫🌰🔞🦉 return data except Exception as e: print(f"[!] Error fetching whois data: {e}") return None🧑⚕️🩴🔑😍🤳 def display_whois_info(data): """Display the fetched whois data.""" if not data: 👴💄🗝😆🖐 return print(f"[!] Country: {data.get('country', 'N/A')}") print(f"[!] Country Code: {data.get('countryCode', 'N/A')}") print(f"[!] Region: {data.get('region', 'N/A')}")🧑🚀💎🖌🙃🙏 print(f"[!] Region Name: {data.get('regionName', 'N/A')}") print(f"[!] City: {data.get('city', 'N/A')}") print(f"[!] Zip Code: {data.get('zip', 'N/A')}") print(f"[!] Latitude: {data.get('lat', 'N/A')}") print(f"[!] Longitude: {data.get('lon', 'N/A')}") 👁🗽🍧🚷🦄 print(f"[!] Time Zone: {data.get('timezone', 'N/A')}") print(f"[!] ISP: {data.get('isp', 'N/A')}") print(f"[!] Organization: {data.get('org', 'N/A')}") print(f"[!] AS: {data.get('as', 'N/A')}") 🥷🩰🖲😘🤳 def is_excluded_ip(ip): """Check if IP is in the excluded list.""" for network in EXCLUDED_NETWORKS: if ipaddress.ip_address(ip) in ipaddress.ip_network(network):🧑🎤💎💳😷🤙 return True return False def choose_interface():👦🧣💉💀👂 """Prompt the user to select a network interface.""" interfaces = netifaces.interfaces() print("[+] Available interfaces:") for idx, iface in enumerate(interfaces, 1): print(f"{idx}. {iface}") 👂⛪🍭🚷🐕 try:ip_address = netifaces.ifaddresses(iface)[netifaces.AF_INET][0]['addr'] print(f"[+] Selected interface: {iface} IP address: {ip_address}") except KeyError: print("[!] Unable to retrieve IP address for the selected interface.") ✍🔥🥚💲🐙 choice = int(input("[+] Enter the number of the interface you want to use: ")) return interfaces[choice - 1] 🧑🌾🥾💳😷🧠 def extract_stun_xor_mapped_address(interface): """Capture packets and extract the IP address from STUN protocol.""" print("[+] Capturing traffic, please wait...") if platform.system() == "Windows": interface = "\\Device\\NPF_"+interface 🦴🚗🍚♏🦜 cap = pyshark.LiveCapture(interface=interface, display_filter="stun") my_ip = get_my_ip() resolved = {} whois = {} 🤟🔥🦀♏🐒 for packet in cap.sniff_continuously(packet_count=999999):if hasattr(packet, 'ip'): src_ip = packet.ip.src dst_ip = packet.ip.dst 🧑🍳🩰🧯😋👊 if is_excluded_ip(src_ip) or is_excluded_ip(dst_ip): continue if src_ip not in resolved: resolved[src_ip] = f"{src_ip}({get_hostname(src_ip)})" 🤌🧳🍌‼ if dst_ip not in resolved:resolved[dst_ip] = f"{dst_ip}({get_hostname(dst_ip)})" if src_ip not in whois: whois[src_ip] = get_whois_info(src_ip) if dst_ip not in whois: 👌🌦🧊🈳🦟 whois[dst_ip] = get_whois_info(dst_ip) if packet.stun: xor_mapped_address = packet.stun.get_field_value('stun.att.ipv4') print(f"[+] Found STUN packet: {resolved[src_ip]} ({whois[src_ip].get('org', 'N/A')}) -> ({resolved[dst_ip]} {whois[dst_ip].get('org', 'N/A')}). it's xor_mapped_address: {xor_mapped_address}") #for field in packet.stun._all_fields: 🤝🧳🍪🚷🐤 #print(f'{field} = {packet.stun.get_field_value(field)}') if xor_mapped_address: if xor_mapped_address != my_ip: return xor_mapped_address return None 👎🎢🌰⁉🐝 def parse_arguments(): """Parse command-line arguments.""" parser = argparse.ArgumentParser(🧑🚀👑🗝😉💪 description='Determine the IP address of the interlocutor in the Telegram messenger.') parser.add_argument('-i', '--interface', help='Network interface to use', default=None) return parser.parse_args() 👴🧣🎷🤖✊ def main(): try: check_tshark_availability() args = parse_arguments() 👃🏠🥄🅿🐖 if args.interface:interface_name = args.interface else: interface_name = choose_interface() 👩✈️💿🤖👊 address = extract_stun_xor_mapped_address(interface_name) if address: print(f"[+] SUCCESS! IP Address: {address}") whois_data = get_whois_info(address) display_whois_info(whois_data)👨🎨👙📀😀💅 else: print("[!] Couldn't determine the IP address of the peer.") except (KeyboardInterrupt, EOFError): print("\n[+] Exiting gracefully...") pass👴🩲🔒😅🤙 if __name__ == "__main__": main()
帖子热度 1599 ℃
|
|