Skip to main content

IP Whois Resolution and Parsing

Project description

ipwhois is a simple package for retrieving and parsing whois data for IPv4 and IPv6 addresses.

The various NICs are pretty inconsistent with formatting Whois results and the information contained within. I am still working through how to parse some of these fields in to standard dictionary keys.

This version requires Python 3.3+ (for the ipaddress library) and dnspython3.

Usage Examples

Typical usage:

>>>> from ipwhois import IPWhois
>>>> from pprint import pprint

>>>> obj = IPWhois('74.125.225.229')
>>>> results = obj.lookup()
>>>> pprint(results)

{
'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_registry': 'arin',
'nets': [{'abuse_emails': 'arin-contact@google.com',
          'address': '1600 Amphitheatre Parkway',
          'cidr': '74.125.0.0/16',
          'city': 'Mountain View',
          'country': 'US',
          'description': 'Google Inc.',
          'misc_emails': None,
          'name': 'GOOGLE',
          'postal_code': '94043',
          'state': 'CA',
          'tech_emails': 'arin-contact@google.com'}],
'query': '74.125.225.229',
'raw': None
}

REST (HTTP):

>>>> from ipwhois import IPWhois
>>>> from pprint import pprint

>>>> obj = IPWhois('74.125.225.229')
>>>> results = obj.lookup_rws()
>>>> pprint(results)

{
'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_registry': 'arin',
'nets': [{'abuse_emails': 'arin-contact@google.com',
          'address': '1600 Amphitheatre Parkway',
          'cidr': '74.125.0.0/16',
          'city': 'Mountain View',
          'country': 'US',
          'description': 'Google Inc.',
          'misc_emails': None,
          'name': 'GOOGLE',
          'postal_code': '94043',
          'state': 'CA',
          'tech_emails': 'arin-contact@google.com'}],
'query': '74.125.225.229',
'raw': None
}

Proxy:

>>>> from urllib import request
>>>> from ipwhois import IPWhois
>>>> handler = request.ProxyHandler({'http': 'http://192.168.0.1:80/'})
>>>> opener = request.build_opener(handler)
>>>> obj = IPWhois('74.125.225.229', proxy_opener = opener)

Hostname:

>>>> from ipwhois import IPWhois
>>>> from pprint import pprint

>>>> obj = IPWhois('74.125.225.229')
>>>> results = obj.get_host()
>>>> pprint(results)

('dfw06s26-in-f5.1e100.net', [], ['74.125.225.229'])

Countries:

>>>> from ipwhois import IPWhois
>>>> from ipwhois.utils import get_countries

>>>> countries = get_countries()
>>>> obj = IPWhois('74.125.225.229')
>>>> results = obj.lookup(False)
>>>> print(countries[results['nets'][0]['country']])

United States

Installing

Latest version from PyPi:

pip install ipwhois

Latest version from GitHub:

pip install -e git+https://github.com/secynic/ipwhois@master#egg=ipwhois

Parsing

Parsing is currently limited to CIDR, country, name, description, state, city, address, postal_code, abuse_emails, tech_emails, and misc_emails fields. This is assuming that those fields are present.

Some IPs have parent networks listed. The parser attempts to recognize this, and break the networks into individual dictionaries. If a single network has multiple CIDRs, they will be separated by ‘, ‘.

Sometimes, you will see whois information with multiple consecutive same name fields, e.g., Description: some text\nDescription: more text. The parser will recognize this and the returned result will have these separated by ‘\n’.

REST (HTTP)

IPWhois.lookup_rws() should be faster than IPWhois.lookup(), but may not be as reliable. APNIC, LACNIC, and AFRINIC do not have a Whois-RWS service yet. We have to rely on the Ripe RWS service, which does not contain all of the data we need.

Changelog

0.3.0 (2013-09-30)

  • Fixed get_countries() to work with frozen executables.

  • Added dnspython3 rdtypes import to fix issue with frozen executables.

  • Moved iso_3166-1_list_en.xml to /data.

  • Added retry_count to IPWhois.lookup() and IPWhois.lookup_rws().

0.2.1 (2013-09-27)

  • Fixed LACNIC CIDR validation on IPWhois.lookup().

  • Fixed bug in IPWhois.get_whois() for query rate limiting. This was discovered via testing multiprocessing with 8+ processes running asynchronously.

0.2.0 (2013-09-23)

  • Added support for emails (keys: abuse_emails, tech_emails, misc_emails).

  • Changed regex to use group naming for more complex searching.

  • Added some missing exception handling in lookup_rws().

0.1.9 (2013-09-18)

  • Added exceptions to import in __init__.py.

  • Added IPWhois.__repr__().

  • Moved exceptions to get_*() functions.

  • Added exception HostLookupError.

  • Various optimizations.

  • Added some unit tests.

0.1.8 (2013-09-17)

  • Removed set_proxy() in favor of having the user provide their own urllib.request.OpenerDirector instance as a parameter to IPWhois().

  • Restructured package in favor of modularity. get_countries() is now located in ipwhois.utils.

  • Added exception WhoisLookupError for IPWhois.lookup() and IPWhois.lookup_rws().

0.1.7 (2013-09-16)

  • Fixed bug in set_proxy().

  • Removed ARIN top level network entries from return dictionary of IPWhois.lookup_rws().

  • Fixed bug in ARIN RWS parsing when only one network.

0.1.6 (2013-09-16)

  • Added IPWhois.get_host() to resolve hostname information.

  • Added address and postal_code fields to parsed results.

  • Normalized single/double quote use.

0.1.5 (2013-09-13)

  • Added set_proxy() function for proxy support in Whois-RWS queries.

  • Added IPWhois.lookup_rws() function for Whois-RWS queries.

0.1.4 (2013-09-12)

  • Added validity checks for the asn_registry value due to a bug in the Team Cymru ASN lookup over night.

  • Added timeout argument to IPWhois(). This is the default timeout in seconds for socket connections.

  • Fixed decoding issue in IPWhois.get_whois().

0.1.3 (2013-09-11)

  • Added exception handling with query retry support for socket errors, timeouts, connection resets.

  • Moved ASN queries to their own functions (IPWhois.get_asn_dns() and IPWhois.get_asn_whois())

  • Moved whois query to its own function (IPWhois.get_whois())

  • Country codes are now forced as upper case in the return dictionary.

0.1.2 (2013-09-10)

  • Fixed file path for get_countries().

  • Fixed variable names that conflicted with builtins.

  • Added content to README.

  • Moved CHANGES.txt to CHANGES.rst and added to setup.py.

  • Download URL now points to GitHub master tarball.

0.1.1 (2013-09-09)

  • Fixed README issue.

0.1.0 (2013-09-06)

  • Initial release.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ipwhois-0.3.0.zip (21.6 kB view details)

Uploaded Source

File details

Details for the file ipwhois-0.3.0.zip.

File metadata

  • Download URL: ipwhois-0.3.0.zip
  • Upload date:
  • Size: 21.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for ipwhois-0.3.0.zip
Algorithm Hash digest
SHA256 6b98eccf73a84482462e1c3d4bef0c8c0de0413afad7a697ec3a07ec9cc5102c
MD5 eca8f6ed10880f5a23a659e4b77c3be4
BLAKE2b-256 e5dd7b92aa5f79e80ba464595e882c56ad2166f3672ac6132fbde1f856636259

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page