Spam Tracing Tools
- All-Purpose Network Tools
- Whois
- Traceroute
- Routing Tools
- DNS Tools
- Email Validation Tools
- Safe Browsing
- Server Usage
All Purpose Network Tools
- Web Pages of Network Tools
- Windows Network Tools
- UNIX Network Tools
- Mac Network Tools
- Cross-platform Network Tools
Web Pages of Network Tools
These pages allow DNS lookups, whois, traceroute, and more.
DNSstuff - www.dnsstuff.com/ - also: Expert, Testbed and IPv6 tools
net.demon spam-fighting tools - www.netdemon.net/tools.html
SpamHelp Network Tools - www.spamhelp.org/tools.php
SpamTools: Japanese Antispam Tools - antispam.stakasaki.net/tools/spamclaim-tools.html
GeekTools - www.geektools.com/
network-tools - network-tools.com/
Web Based Network Tools - networktools.tk/, home01.wxs.nl/~houwe135/wbnt1/
Ad hoc IPTools Page - tatumweb.com/iptools.htm
Internet Tools Gateway - codeflux.com/exec/tools/
Tools for use with the internet - www.subnetonline.com/tools/alltools.html
TCP/IP Network Utilities - www.simplelogic.com/net_utils/AllUtils.asp
MSE WWW Japanese Tools - www.mse.co.jp/j_www/
Demon External Tools - www.demon.net/external/
InfoSysSec Network Tools - www.infosyssec.com/infosyssec/ipsectools.htm
hq42.net Networking Tools - www.hq42.net/net_tools/
U-Net Internet Lookup Tools - www.support.u-net.net/ns/
Seversniff - serversniff.net/index.php
Nerdlabs Tools - www.nerdlabs.org/tools/index.php
All Net Tools Network Toolbox - www.all-nettools.com/toolbox,net
LogBud - logbud.com/
Robtex - www.robtex.com/
Domain Tools - dns-tools.domaintools.com/
Windows Network Tools
net.demon downloads - www.netdemon.net/downloads/
eMailTracker.ro - www.emailtrackerpro.com/
NetInfo - netinfo.tsarfin.com/
URL Discombobulator - www.karenware.com/powertools/ptlookup.asp
Magic NetTrace - www.tialsoft.com/mnettrace/
Crime Scene Investigator - www.promailix.com/
PCHelp's Network Tracer - www.pc-help.org/trace.htm - DOS command line batch file
IP Search Toolbar - www.panix.com/~saint/ipsearch/
iNetTools - www.wildpackets.com/products/free_utilities/inettools/overview
Essential NetTools - www.tamos.com/products/nettools/
Unix Network Tools
SpamViz - www.spamviz.net/ - graphical network discovery
S-Trace - s-trace.sourceforge.net/ - graphical origin mapping
Mac Network Tools
WhatRoute - www.whatroute.net/
IPNetMonitor - www.sustworks.com/site/prod_ipmonitor.html
IPNetMonitor for OSX - www.sustworks.com/site/prod_ipmx_overview.html
Cross-platform Network Tools
Find Friends - www.grymoire.com/Spam/FF.pl - Perl
SpamFryer - oplnk.net/~ajackson/software/ - Perl
SpamViz - www.spamviz.net/ - graphical network discovery
Whois
Discover who owns an IP address or domain name.
Web Whois
These websites provide a universal whois service for any IP address or domain name.
GeekTools Whois Proxy - www.geektools.com/whois.php - at m5computersecurity
BW Whois - whois.bw.org/ - at heypete, cybernode, thover
CyberAbuse Whois - www.fr2.cyberabuse.org/whois/
SamSpade.org - samspade.org/
Whois Proxy - www.antispam.ru/cgi-bin/1/whois
whois-server - antispam.rin.ru/whois.html
WHOIS Domain Query - www.opinionatedgeek.com/DotNet/Tools/Whois/
Toolbot Whois - whois.toolbot.com/
Search For Any Domain In The World - www.alldomains.com/
Whois Finder - www.whoisfinder.com/
Abfrage von whois-Datenbanken - www.iks-jena.de/cgi-bin/whois
SecuritySpace whois - www.securityspace.com/swhois/whois.html
Whois365 - www.whois365.com/en/
Domain Searches
DomainTools - www.domaintools.com/
Search Web by Domain - searchdns.netcraft.com/
Whois Proxy Tools
Wrappers or proxies for whois save knowing the server to look up a query at.
Unix Whois Proxy Scripts
GeekTools Software - www.geektools.com/software.php
wp.cgi Whois Proxy - wp-whois-proxy.sourceforge.net/
BW Whois - whois.bw.org/
jwhois - www.gnu.org/software/jwhois/
whoiss - www.roble.com/docs/whoiss
gwhois - www.iecc.com/gwhois
debian whois - ftp.debian.org/debian/pool/main/w/whois/
Front-end to Internet Whois - www.unixwiz.net/tools/whois.html
Windows Whois Proxy Tools
Several of the tools here also provide whois functions.
CyberAbuse Whois - www.fr2.cyberabuse.org/whois/
Karen's WhoIs - www.karenware.com/powertools/ptwhois.asp
HotWhois - www.tialsoft.com/hwhois/
"Whois" for Windows - www.cix.co.uk/~net-services/spam/whois.htm
WhoisView - www.mytoolpad.com/open/whoisview/
Tafweb Whois - www.tafweb.com/whois.html
SmartWhois - www.tamos.com/products/smartwhois/
Other Whois Proxy Scripts
ASPNet Whois - www.aspnetwhois.com/ - ASP
phpWhois - phpwhois.com/ - PHP
rxwhois - purl.net/xyzzy/src/rxwhois.cmd - REXX script working on OS/2
Net::XWhois - search.cpan.org/dist/Net-XWhois/ - Perl
iwhois - seegras.discordia.ch/Programs/iwhois - Perl
Whois Proxy Servers
These servers will proxy whois requests to the correct whois server, and can be integrated with scripts.
You can use these servers to handle any IP and domain whois lookups.
Thur.de - whois.thur.de
Geektools - whois.geektools.com - see: whois.geektools.com/cgi-bin/proxy.cgi
Whois-servers - <tld>.whois-servers.net - e.g. us.whois-servers.net - see: www.whois-servers.net/
Cyberabuse - whois.cyberabuse.org - see: www.fr2.cyberabuse.org/whois/
Worldwide WHOIS
RIR (IP Space) Whois
Regional Internet Registries (RIRs) assign IP addresses to countries within their region. RIRs make a list of to whom they have assigned IP address available via whois. You can access whois either via the whois service or by accessing these websites.
ARIN - www.arin.net/tools/ - North America (whois.arin.net)
APNIC - www.apnic.net/ - Asia-Pacific and Australia (whois.apnic.net)
RIPE - www.ripe.net/whois - Europe (full text search) (whois.ripe.net)
LACNIC - www.lacnic.net/en/ - Latin America and Caribbean (whois.lacnic.net)
AfriNIC - www.afrinic.net/ - Africa (whois.afrinic.net)
Namespace Whois
Generic Top-Level Domains - www.iana.org/gtld/gtld.htm - gTLDs
Root-Zone Whois Index by TLD Code - www.iana.org/cctld/cctld-whois.htm - ccTLDs
Domain name registries around the world - www.norid.no/domenenavnbaser/domreg.html - ccTLDs
IANA Whois Service - whois.iana.org/ - limited to .int and details of TLD ownership
AfriDNS - afridns.org/ - African domain names
ICANN-Accredited Registrars - www.icann.org/registrars/accredited-list.html
.info registrars by ID - www.afilias.info/cgi-bin/registrar-id.cgi
Whois Proxy for .KR cc-tld - www.chebucto.ns.ca/~af380/kr-whois.html - .kr
Worldwide Whois
List of Internet whois servers - ftp://sipb.mit.edu/pub/whois/whois-servers.list
Anti-spam Whois List - www.helsinki.fi/~peuha/english/antispam.shtml
Traceroute
Traceroute Websites
tracert - www.tracert.com/cgi-bin/trace.pl, www.tracert.com/
traceroute.org - www.traceroute.org/
GeekTools Traceroute - www.geektools.com/traceroute.php
Reverse Traceroute/Looking Glass Search - www.caida.org/cgi-bin/reversetraceroute/assearch.cgi/
Traceroute Wiki - www.bgp4.net/tr
PI NOC Advanced Traceroute (TCP traceroute) - noc.pacific.net.sg/advancetools/traceroute.html
Traceroute Mesh Server - tr.meta.net.nz/tr.php
TCP, ICMP, UDP and Layer4 traceroute from ServerSniff - serversniff.net/
Traceroute Applications
Unix Traceroute Applications
Unix comes with the standard “traceroute” tool, used from the command line. These tools provide additional power and flexibility and can prove useful if a spammer is falsifying results to normal traceroutes.
tcptraceroute - michael.toren.net/code/tcptraceroute/
hping - www.hping.org/
TraceProto - traceproto.sourceforge.net/
Xtraceroute - www.dtek.chalmers.se/~d3august/xt/
Layer Four Traceroute (LFT) - pwhois.org/lft/
Windows Traceroute Applications
Ping Plotter - www.pingplotter.com/
VisualRoute - www.visualiptrace.com/
3d Traceroute - www.hlembke.de/prod/3dtraceroute/
Layer Four Traceroute (LFT) - www.mainnerve.com/lft/
NetScanTools Pro Traceroute - www.netscantools.com/nstpro_traceroute.html
hping - www.hping.org/
Path Analyzer Pro - www.pathanalyzer.com/
Routing Tools
You can check which providers are giving a spammer connectivity (if he has his own AS) using these tools.
RIPE RIS - www.ripe.net/ris/
FixedOrbit - www.fixedorbit.com/
Java Autonomous System Path VIsualisation - lab.verat.net/Jaspvi/
CIDR Report - www.cidr-report.org/
Team Cymru IP to ASN Lookup - asn.cymru.com/
BGPLay @ Routeviews - bgplay.routeviews.org/bgplay/
Robtex AS - www.robtex.com/as/
BGP-Inspect-Routeviews - bgpinspect.merit.edu/
Netlantis - www.netlantis.org/
PWhois - pwhois.org/webquery.who
Query Routeviews and Cymru by DNS:
Get AS records for IP a.b.c.d (DNS query for the TXT record of d.c.b.a.<server>):
Routeviews - asn.routeviews.org or aspath.routeviews.org - see: www.routeviews.org/
Cymru - origin.asn.cymru.com or peer.asn.cymru.com - see: www.cymru.com/BGP/asnlookup.html
Query RIPE RIS, Cymru and PWhois by whois (whois -h <server> a.b.c.d):
RIPE - riswhois.ripe.net - see: www.ripe.net/ris/
Cymru - whois.cymru.com and peer.whois.cymru.com - see: www.cymru.com/BGP/asnlookup.html
PWhois - whois.pwhois.org
Email Validation Tools
You can attempt to validate that a mailbox is real and will accept mail with these tools.
Test an email address - www.hq42.net/net_tools/test_email_addr.php
Validate email addresses - hexillion.com/asp/samples/ValidateEmail.asp
Validate email addresses - coveryourasp.com/ValidateEmail.asp
Email Address Checker - www.broadband-help.com/tools/email-check/
DNS Tools
These tools provide information on the DNS servers for a domain. If you wish to look up hostnames or ip addresses to get DNS information use one of the all-purpose tools. On systems with BIND installed, use DIG.
DNS Tool Downloads
dnstracer - www.mavetju.org/unix/dnstracer.php - get the binary here: www.mavetju.org/unix/general.php
DIG for Windows - pigtail.net/LRP/dig/ - Windows
nsbatch - www.jimprice.com/jim-soft.htm#nsbatch - Windows
ClientDNS - yellowhead.com/clientdns.htm - Windows
DNS Tools Online
Squish.net dns checker for experts - www.squish.net/dnscheck/
DNSCHECK - www.dnscheck.se/
Alentus Name Service Delegation Check - dns.alentus.com/
The DNS Sleuth - atrey.karlin.mff.cuni.cz/~mj/sleuth/
DNS Auth Trace - freedns.afraid.org/
DNS Bajaj - www.zonecut.net/dns/
Quick DNS Check - pingability.com/zoneinfo.jsp
DNS Enumeration
These tools can be used to proactively discover hosts that exist for a particular domain. Although not malicious, they are more aggressive than other tools and should only be used if you understand why you are using them.
nmap with -sL option - insecure.org/nmap/
Virtual Hosts Hacking - www.revhosts.net/index.php?title=Main_Page
Reverse DNS for a subnet - abuso.cantv.net/p/dyn.cgi
Fierce Domain Scan - ha.ckers.org/fierce/
dnsmap - unknown.pentester.googlepages.com/
dnsenum - www.filip.waeytens.easynet.be/
Virtual Host Enumerator (venum) - www.ikwt.com/projects/venum/
TXDNS - www.txdns.net/
Safe Browsing
Safe Browsers
“Safe” (or text based) browsers are available online, and are also available in some of the Windows anti-spam tools.
Web Sniffer - web-sniffer.net/ - web-based
wannaBrowser - www.wannabrowser.com/ - web-based
Sleuth - www.sandsprite.com/Sleuth/
Spamstopper's notebook: curl - www.rickconner.net/spamweb/tools-curl.html
URL Malware and Rating Checkers
SCOUT — Speedy Complete Online URL Test - www.nz-honeynet.org/cwebservice.php
LinkScanner Online - linkscanner.explabs.com/linkscanner/
SmartFilterWhere URL checker - securecomputing.com/sfwhere/index.cfm
FinJan URL Analysis - www.finjan.com/Content.aspx?id=574
FortiGuard Web Filtering URL submission - www.fortiguardcenter.com/webfiltering/webfiltering2.html
Site Truth - www.sitetruth.com/yhoo.html
Server Usage
These services can be used to expand knowledge of servers used by spammers, variously allowing you to look up webservers running in an IP range, domains sharing a name server, mail servers sending from a subnet or virtual webservers running on the same network address.
Netcraft “What's that Site Running” - uptime.netcraft.com/
Directi Advanced WHOIS Lookup! - whois.webhosting.info/
Senderbase - www.senderbase.org/senderbase_queries/main?searchString=
Web-Max Reverse Whois Lookup - www.web-max.ca/tools/domain.php
RUS CERT Passive DNS Replication - cert.uni-stuttgart.de/stats/dns-replication.php
DomainTools Reverse IP - www.domaintools.com/reverse-ip/ - needs login
DOMAINSDB.NET - www.domainsdb.net/
Hostnames for IP Addresses - serversniff.net/content.php?do=hostonip
MSN search by IP address - search.msn.com/docs/help.aspx?t=SEARCH_REF_AdvSrchOperators.htm#op_ip
Gigablast search by IP address - www.gigablast.com/help.html
TrustedSource - trustedsource.org/
The Whole Internet - thewholeinternet.wordtothewise.com/
This work is licensed under a Creative Commons License. SPAM is a trademark of Hormel Foods.
Page last updated: 26-Mar-2008