Skip to main content

Bulk WHOIS search

Project description

Installation

Depending on if you want only this tool, the full set of PNU tools, or PNU plus a selection of additional third-parties tools, use one of these commands:

pip install pnu-wis
pip install PNU
pip install pytnix

:warning: This tool is not yet included in the PNU and pytnix distributions

WIS(1)

NAME

wis - Bulk WHOIS Search

SYNOPSIS

wis
[-1|--first] [-c|--case] [-d|--dirname DIR] [-e|--exclude FILE] [-f|--filename FILE] [-i|--inet4] [-I|--inet6] [-r|--range] [-s|--summary] [-S|--summaryonly] [--debug] [--help|-?] [--version] [--] KEYWORD [...]

DESCRIPTION

The wis utility searches for keyword(s) within bulk WHOIS database(s).

Beside saving multiple WHOIS queries, using pre-downloaded bulk WHOIS databases enables to do plain text searches on all the WHOIS records.

You can either select one specific database (in plain text or gzipped format) using the -f|--filename FILE option, or/and a directory containing all your databases using the -d|--dirname DIR option.

Use the -c|--case option to make your searches case sensitive.

Use the -e|--exclude FILE option to provide a one-excluded-case-insensitive-keyword-per-line file to filter out matching records.

You'll then obtain a list of records matching at least one of your keywords, and not matching any of the excluded keywords.

If you use the -1|--first option, you'll instead only obtain the first line of each matching record.

If you use the -i|--inet4 and/or -I|--inet6 option(s), you'll instead obtain only matching inetnum or inet6num records reformatted as a pipe-separated-values of networks:

starting IP address|ending IP Address|netname|descr|org|country

If you add the -r|--range option to the last ones, you'll instead obtain only matching inetnum or inet6num records reformatted as a pipe-separated-values of hosts:

IP address|type|subnet|netname|descr|org|country

Where type is either "Network" for the first address in a subnet, "Broadcast" for the last address in a subnet or "IP address" for the rest.

If you use the *-s|--summary" option, you'll get a summary of the record types found (from the first line of each matching record, before the colon).

If you use the -S|--summaryonly option you'll only get that.

OPTIONS

Options Use
-1|--first Show only the first line of each matching record
-c|--case Make searches case sensitive
-d|--dirname DIR Use databases from the DIR directory name
-e|--exclude FILE Exclude words from the FILE file name
-f|--filename FILE Use database from the FILE file name
-i|--inet4 Show only reformatted inetnum records
-I|--inet6 Show only reformatted inet6num records
-r|--range Show expanded inet(6)num ranges
-s|--summary Show a summary of the type of matching records
-S|--summaryonly Show only a summary of the type of matching records
--debug Enable debug mode
--help|-? Print usage and a short help message and exit
--version Print version and exit
-- Options processing terminator

ENVIRONMENT

The WIS_DEBUG environment variable can also be set to any value to enable debug mode.

FILES

The wis utility uses bulk WHOIS databases downloaded from the main Regional Internet Registries (RIR) and National Internet Registries (NIR).

The provided "fetch-db-WHOIS.sh" script can be used for doing this.

You can also use bulk RR (Routing Registries) databases, that you can download with the provided "fetch-db-RR.sh" script.

Be sure to read the databases respective terms of use before!

EXIT STATUS

The wis utility exits 0 on success, and >0 if an error occurs.

EXAMPLES

Assuming that you have installed the available bulk WHOIS databases (in gzipped format) in a directory named "db", and that you made a one-excluded-keyword-per-line file named "excluded.txt", use the following commands:

  • to extract full WHOIS information about matching blocks:
wis -d db -e excluded.txt keyword1 keyword2 keyword3
  • to extract only the first line of WHOIS information about matching blocks:
wis -d db -e excluded.txt -1 keyword1 keyword2 keyword3
  • to extract an IPv4 network summary about matching blocks:
wis -d db -e excluded.txt -i keyword1 keyword2 keyword3
  • to extract an IPv4 host summary about matching blocks:
wis -d db -e excluded.txt -ir keyword1 keyword2 keyword3
  • to analyze a database record types:
wis -f database_name.db.gz -S 

SEE ALSO

whois(1)

STANDARDS

The wis utility is not a standard UNIX command.

This implementation tries to follow the PEP 8 style guide for Python code.

PORTABILITY

To be tested under Windows.

HISTORY

This implementation was made for the PNU project.

Its first use case was to identify all my company's IP addresses ranges through the world, helping to secure our networks and identify shadow IT...

The initial name of the command was "AS Search", but the resulting short form seemed problematic... So I went for a wiser name :smiley:

LICENSE

It is available under the 3-clause BSD license.

AUTHORS

Hubert Tournier

CAVEAT

Only the AFRINIC, RIPE, APNIC, APNIC/JPNIC, APNIC/TWNIC and APNIC/KISA databases have useful domain, inetnum, inet6num and organisation information.

LACNIC does not provide useful inetnum and inet6num information.

ARIN, APNIC/IDNIC, APNIC/CNNIC, APNIC/VNNIC and APNIC/IRINN do not provide domain, inetnum, inet6num and organisation information at all.

However you can find route information from all of them, which can then be used with regular WHOIS queries.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pnu_wis-1.0.0.tar.gz (14.3 kB view details)

Uploaded Source

Built Distribution

pnu_wis-1.0.0-py3-none-any.whl (12.4 kB view details)

Uploaded Python 3

File details

Details for the file pnu_wis-1.0.0.tar.gz.

File metadata

  • Download URL: pnu_wis-1.0.0.tar.gz
  • Upload date:
  • Size: 14.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.15

File hashes

Hashes for pnu_wis-1.0.0.tar.gz
Algorithm Hash digest
SHA256 9a79799321c15980ea90237e59ff2872a27fb5f766c2d2c68f72b8a6fd1a636d
MD5 c422dd69f4eae1f80b0b78503de39fd4
BLAKE2b-256 58aba696efb223674739ee95935738ac84f639af0fd558075aed9011a036c0b5

See more details on using hashes here.

File details

Details for the file pnu_wis-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: pnu_wis-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 12.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.15

File hashes

Hashes for pnu_wis-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 555d60e019b65d4e0a96eae517ff4c00a18cef79d323beb8eb2f833635bc6def
MD5 bf01dd9e0ad24919132eef780397561b
BLAKE2b-256 7fea298ec301b30cf5e8c956fc45d46454f33e9f89f7b91af06f2ab0d2b8db79

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page