There's an interesting WHOIS Web service at TryNT. If you are scanning a range of addresses trying to determine the owner it's useful to automate.
Apparently TryNT gets banned from certain IP ranges, or simply going too hard at Whois servers, so sometimes the query returns error. But for the most part it works.
Here's how one can query Whois via TryNT webService:
PS C:\Users\dxs\Code\powershell> gc .\Whois-Webservice.ps1
function IpOwner(
[string]$ip="4.2.2.2"
){
BEGIN{
$whois=@{"query"=$ip};
$ErrorActionPreference="SilentlyContinue"
}
PROCESS {
#$uri="http://75.101.151.29/whois-api/v1/?h="+$ip+"&f=0"
$uri="http://www.trynt.com/whois-api/v1/?h="+$ip+"&f=0"
$resp=[xml](New-Object -TypeName System.Net.WebClient).Downloadstring($uri)
$whois.Add("organization",
$($resp.SelectNodes(
"descendant::Trynt/Whois/regrinfo/owner/organization") |
% { $_.InnerXml}) )
$whois.Add("TechEmail",
$($resp.SelectNodes(
"descendant::Trynt/Whois/regrinfo/tech/email") |
% { $_.InnerXml}) )
}
END{
Write-Host $whois.Values
}
}
1..254 | % { sleep(2); IpOwner("124.$_.165.1") }
The run:
PS C:\Users\dxs\Code\powershell> .\Whois-Webservice.ps1
SK Networks co., Ltd 124.1.165.1
WADONG ELEMENTARY SCHOOL 5ypascal@lycos.co.kr 124.2.165.1
Jeonrabukdo Wanju Education Office i3cc11@hanmail.net 124.3.165.1
GE Capital International Services munish.dargan@ge.com 124.4.165.1
KuRO TV noc@cnm.co.kr 124.5.165.1
NETWORK_VISMIN_DSL_IP_POOL aaa81020@globenet.com.ph 124.6.165.1
SIFY INFRASTRUCTURE ipadmin@sifycorp.com 124.7.165.1
Taiwan Fixed Network CO.,LTD. steve_huang@howin.com.tw 124.8.165.1
Taiwan Fixed Network CO.,LTD. steve_huang@howin.com.tw 124.9.165.1
Taiwan Fixed Network CO.,LTD. steve_huang@howin.com.tw 124.10.165.1
Taiwan Fixed Network CO.,LTD. steve_huang@howin.com.tw 124.11.165.1
Taiwan Fixed Network CO.,LTD. steve_huang@howin.com.tw 124.12.165.1
TELEKOM MALAYSIA BERHAD ssc@tmnet.com.my 124.13.165.1
6F Greatwall Bldg., A38 Xueyuan Road Haidian District,Beijing speed0822@sina.com 124.14.165.1
6F Greatwall Bldg., A38 Xueyuan Road Haidian District,Beijing speed0822@sina.com 124.15.165.1
China Science & Technology Network lihong@cstnet.net.cn 124.16.165.1
Wednesday, May 27, 2009
Querying WHOIS Webservice with Powershell
Posted by snow at 11:17 AM
Subscribe to:
Post Comments (Atom)
FYI, Hexillion has a similar Whois API. It requires a paid account for more than a few queries per day but has 2 key advantages: 1) it gets blocked a lot less, and 2) it parses out more information. You can try it out here:
ReplyDeleteHexillion Whois API
@Gavin:
ReplyDeleteLooks interesting and comprehensive. One curious detail is that user credentials are clear text in the REST request:
https://hexillion.com/rf/xml/1.0/auth/?username=XYZCorp&password=As42lg9o3
I only looked at the docs - not sure if there are plans to wrap it more securely.
@snow:
ReplyDeleteThat's an HTTPS URL, so the password will be encrypted over the wire. It will be stored in plain text in the web server logs, however, so using a POST request would be better. The docs recommend POST, but I have updated them to emphasize the point.
Also, I see that I botched the link in my comment (though you figured it out). It should be:
Hexillion Whois API
@Gavin:
ReplyDeleteSure. I was just thinking of client url histories and such. Thanks for clarification.