Searching CIDRs for IPv4/6 Addresses

2-minute read
John Lukach AWS OSINT Python

Cloud service providers like Amazon Web Service (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc. provide their CIDR network IPv4/6 ranges for consumption. During analysis, we could use WHOIS information to determine ownership of a specific IP address. However, using this OSINT, we can glean some additional information on a particular IP address like possible services operating in particular regions.

AWS IP Address Ranges Example:

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

aws-ip-range-example

Two challenges exist with this data set that needs addressing. First, it is only a point in time snapshot of currently configured CIDR ranges that had seven updates in a 24-hour window. I like DynamoDB, but a database of your choosing can resolve this issue. Second, there are 3,284 CIDR ranges listed presently that need to be normalized for searching.

Task:

Determine if the IP address 18.181.182.183 is part of the CIDR network range 18.180.0.0/15 with Python?

Step 1 - Import library and declare variables

import ipaddress
  
ipaddr = '18.181.182.183' 
cidr = '18.180.0.0/15'

Step 2 - Split the network address from the CIDR for a version validation

hostnetwork = cidr.split('/')
iptype = ipaddress.ip_address(hostnetwork[0])

Step 3 - Check the IP Address version to find Network and Broadcast addresses of the CIDR range for integer conversion

if iptype.version == 4:
	netrange = ipaddress.IPv4Network(cidr)
	firstip, lastip = netrange[0], netrange[-1]
	intfirstip = int(ipaddress.IPv4Address(firstip))
	intlastip = int(ipaddress.IPv4Address(lastip))

Step 4 - Test if IP Address is version 4 or 6 for integer conversion again

iptype = ipaddress.ip_address(ipaddr)

if iptype.version == 4:
	intipaddr = int(ipaddress.IPv4Address(ipaddr))

Step 5 - Determine if IP Address integer is between first and last IP of the CIDR range

if intipaddr >= intfirstip and intipaddr <= intlastip:
	print('YES!')
else:
	print('NO!')

Always more than one way to solve a problem, but this is what worked for me. The source code below includes an example that provides for IPv6 too. If people are interested in how I did the data modeling in DynamoDB, I would be happy to share that as well!

Happy Coding,

John Lukach

REFERENCE

https://docs.python.org/3/library/ipaddress.html

SOURCE CODE
import ipaddress
  
ipaddr = '18.181.182.183' 
cidr = '18.180.0.0/15'

### CIDR ###

hostnetwork = cidr.split('/')
iptype = ipaddress.ip_address(hostnetwork[0])

### IPV4 ###

if iptype.version == 4:
	netrange = ipaddress.IPv4Network(cidr)
	firstip, lastip = netrange[0], netrange[-1]
	intfirstip = int(ipaddress.IPv4Address(firstip))
	intlastip = int(ipaddress.IPv4Address(lastip))

### IPV6 ###

elif iptype.version == 6:
	netrange = ipaddress.IPv6Network(cidr)
	firstip, lastip = netrange[0], netrange[-1]
	intfirstip = int(ipaddress.IPv6Address(firstip))
	intlastip = int(ipaddress.IPv6Address(lastip))
	
### IP ADDRESS ###
	
iptype = ipaddress.ip_address(ipaddr)

if iptype.version == 4:
	intipaddr = int(ipaddress.IPv4Address(ipaddr))

elif iptype.version == 6:
	intipaddr = int(ipaddress.IPv6Address(ipaddr))
	
### ANSWER ###

if intipaddr >= intfirstip and intipaddr <= intlastip:
	print('YES!')
else:
	print('NO!')