Whois client wrapper producing a terse, single-line format.

Project description

whois-format

Why?

When dealing with security threats, an important aspect to analyze and track is the attacker's infrastructure (ref. Diamond Model). WHOIS provides a distributed database containing registered domain information, and an associated protocol for querying this information.

One issue with WHOIS data is that as a directory record format, it can contain a lot of information - sometimes many dozens of lines of output, with some being repeated, and in the modern day, much of this being boilerplate redacted information due to WHOIS privacy. Additionally, not every registry's record format is the same, so the lack of consistency can be difficult to deal with. As an analyst, when looking up domain name information, this can be tedious. In some cases, you may spend a good amount of time copying, pasting and formatting data from WHOIS records.

Features

This tool attempts to ease this by presenting WHOIS information in a brief format:

  • Domain information in a terse, consistent single-line layout.
  • Suitable for grep(1) and for arranging on a page in a readable columnar format.
  • Information output is only key fields useful for typical purposes: domain name, registration date, registrar, nameservers, registrant name (or organization), and registrant email.

The output format is optimized for plain text use, and fields are separated using two spaces, with multiple value fields separated with a comma and space. This format is intended for reading, not parsing.
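The layout described above, sketched as an added example (this is not whois-format's own code). The record dictionaries are constructed and only assumed to resemble what python-whois returns, where a field may be a scalar, a list, or missing; the "-" placeholder for empty fields and the function names are choices made for this example.

```python
from datetime import datetime

# Constructed records shaped like python-whois results (assumption): any field
# may be a scalar, a list, or None, and lists may repeat values in mixed case.
SAMPLE_RECORDS = [
    {"domain_name": ["EXAMPLE.ORG", "example.org"],
     "creation_date": [datetime(1995, 6, 5, 4, 0), datetime(1995, 6, 5)],
     "registrar": "Example Registrar, Inc.",
     "name_servers": ["NS1.EXAMPLE.NET", "ns1.example.net", "ns2.example.net"],
     "name": "REDACTED FOR PRIVACY", "org": None,
     "emails": "abuse@registrar.example"},
    {"domain_name": "example.com", "creation_date": None,
     "registrar": None, "name_servers": None, "name": None,
     "org": "Example Project", "emails": ["a@example.com", "b@example.com"]},
]

def as_list(value):
    """Normalize scalar / list / None into a list without empty entries."""
    items = value if isinstance(value, (list, tuple, set)) else [value]
    return [v for v in items if v not in (None, "")]

def dedupe(values):
    """Drop case-insensitive repeats, keeping first-seen order (lowercased)."""
    return list(dict.fromkeys(str(v).lower() for v in values))

def summarize(rec):
    """Reduce one record to the six key fields, each rendered as a string."""
    names = as_list(rec.get("domain_name"))
    dates = [d for d in as_list(rec.get("creation_date")) if isinstance(d, datetime)]
    registrant = rec.get("name") or rec.get("org")
    # "-" marks a missing field (a choice of this example, not the tool's).
    return [
        names[0].upper() if names else "-",
        min(dates).strftime("%Y-%m-%d") if dates else "-",
        rec.get("registrar") or "-",
        ", ".join(dedupe(as_list(rec.get("name_servers")))) or "-",
        registrant or "-",
        ", ".join(dedupe(as_list(rec.get("emails")))) or "-",
    ]

def format_table(records):
    """Pad each column to its widest value and join fields with two spaces."""
    rows = [summarize(r) for r in records]
    widths = [max(len(row[i]) for row in rows) for i in range(6)]
    return ["  ".join(c.ljust(w) for c, w in zip(row, widths)).rstrip() for row in rows]

if __name__ == "__main__":
    print("\n".join(format_table(SAMPLE_RECORDS)))
```

Because each column is padded to its widest value, this sketch needs every record in hand before it can print the first line.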

A default sleep time of 15 seconds is implemented as a blunt pause so that lookups don't trigger thresholds on WHOIS servers, which can result in blocklisting or further data redaction. When looking up multiple domains, this version of the tool pauses to collect information on all domains before outputting any data (this needs to be improved). The sleep time can be adjusted using the -s option.

whois-format uses the python-whois library to query WHOIS.

Setup

It's recommended to use pipx for easy setup and isolation:

pipx install whois-format

Examples

Looking up a single input domain. The same syntax supports passing additional domains on the command line:

$ whois-format -d iana.org
IANA.ORG  1995-06-05  CSC Corporate Domains, Inc.  iana-servers.net, icann.org  REDACTED FOR PRIVACY  domainabuse@cscglobal.com

Querying for a list of domains from a newline-separated file:

$ whois-format -f tests/sample_domains.txt 
IANA.ORG       1995-06-05  CSC Corporate Domains, Inc.  icann.org, iana-servers.net   REDACTED FOR PRIVACY     domainabuse@cscglobal.com
ICANN.ORG      1998-09-14  GoDaddy.com, LLC             icann.org, icann-servers.net  REDACTED FOR PRIVACY     abuse@godaddy.com
SLACKWARE.COM  1995-12-26  Network Solutions, LLC       cwo.com                       Slackware Linux Project  abuse@web.com, volkerdi@gmail.com, domain.operations@web.com

Download files

Source Distribution

whois_format-0.1.0b1.tar.gz (5.5 kB)

Uploaded Source

Built Distribution

whois_format-0.1.0b1-py3-none-any.whl (5.9 kB)

Uploaded Python 3

File details

Details for the file whois_format-0.1.0b1.tar.gz.

File metadata

  • Download URL: whois_format-0.1.0b1.tar.gz
  • Upload date:
  • Size: 5.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.2

File hashes

Hashes for whois_format-0.1.0b1.tar.gz
Algorithm Hash digest
SHA256 6e9d3ea03a82fb65d0927414d8fb831486325e1c013f975e5ae42f28a9358669
MD5 890b1417b369efa15c0f5215cd7e150f
BLAKE2b-256 26e98e86d4c8df679e350e10248835bb874ef583a2b2beddf8a5bc3990a06e45

File details

Details for the file whois_format-0.1.0b1-py3-none-any.whl.

File hashes

Hashes for whois_format-0.1.0b1-py3-none-any.whl
Algorithm Hash digest
SHA256 7dd5561066a475fbeff2baf09dcda34a6dc41205cbff6e284c4b29004c766d2e
MD5 d524c8fd5c71a8ea3d9287b8d93195a2
BLAKE2b-256 4ad8c65f1230d9bec99a5db9ead486d2496fad1b170232c9ccb525fad7f3733c
