Getting Started

The Zeek InternetDB plugin provides two functions that look up IP properties: CPEs, hostnames, open ports, tags and vulnerabilities.

Lookup through InternetDB API

You can run the function from the terminal:

zeek -e 'print InternetDB::lookup_internetdb_api(1.1.1.1)'

Output should look like this:

[ip=1.1.1.1, cpes=[], hostnames=["one.one.one.one"], ports=[53,80,443], tags=[], vulns=[]]

Lookup through InternetDB SQLite

This function requires an offline copy of the InternetDB SQLite file, as configured previously. If you have the offline database available, the following function should work:

zeek -e 'print InternetDB::lookup_internetdb_sqlite(1.1.1.1)'

Output should look like this:

Opened database successfully
[ip=1.1.1.1, cpes=[], hostnames=["one.one.one.one"], ports=[53,80,443], tags=[], vulns=[]]