Whois client wrapper producing a terse, single-line format.
Project description
whois-format
Whois client wrapper producing a terse, single-line format.
Why?
When dealing with security threats, an important aspect to analyze and track is the attacker's infrastructure (ref. Diamond Model). WHOIS provides a distributed database containing registered domain information, and an associated protocol for querying this information.
One issue with WHOIS data is that as a directory record format, it can contain a lot of information - sometimes many dozens of lines of output, with some being repeated, and in the modern day, much of this being boilerplate redacted information due to WHOIS privacy. Additionally, not every registry's record format is the same, so the lack of consistency can be difficult to deal with. As an analyst, when looking up domain name information, this can be tedious. In some cases, you may spend a good amount of time copying, pasting and formatting data from WHOIS records.
Features
This tool attempts to ease this by presenting WHOIS information in a brief format:
- Domain information in a terse, consistent single-line layout.
- Suitable for grep(1) and for arranging on a page in a readable columnar format.
- Information output is only key fields useful for typical purposes: domain name, registration date, registrar, nameservers, registrant name (or organization), and registrant email.
The output format is optimized for plain text use, and fields are separated using two spaces, with multiple value fields separated with a comma and space. This format is intended for reading, not parsing.
A default sleep time of 15 seconds is implemented as a blunt pause so that
lookups don't trigger thresholds on WHOIS servers, which can result in
blocklisting or further data redaction. When looking up multiple domains,
this version of the tool pauses to collect information on all domains
before outputting any data (this needs to be improved). This threshold
can be adjusted using the -s
option.
whois-format uses the python-whois library to query WHOIS.
Setup
It's recommended to use pipx for easy setup and isolation:
pipx install whois-format
Examples
Looking up a single input domain. The same syntax supports passing additional domains on the command line:
$ whois-format -d iana.org
IANA.ORG 1995-06-05 CSC Corporate Domains, Inc. iana-servers.net, icann.org REDACTED FOR PRIVACY domainabuse@cscglobal.com
Querying for a list of domains from a newline-separated file:
$ whois-format -f tests/sample_domains.txt
IANA.ORG 1995-06-05 CSC Corporate Domains, Inc. icann.org, iana-servers.net REDACTED FOR PRIVACY domainabuse@cscglobal.com
ICANN.ORG 1998-09-14 GoDaddy.com, LLC icann.org, icann-servers.net REDACTED FOR PRIVACY abuse@godaddy.com
SLACKWARE.COM 1995-12-26 Network Solutions, LLC cwo.com Slackware Linux Project abuse@web.com, volkerdi@gmail.com, domain.operations@web.com
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file whois_format-0.1.0b1.tar.gz
.
File metadata
- Download URL: whois_format-0.1.0b1.tar.gz
- Upload date:
- Size: 5.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6e9d3ea03a82fb65d0927414d8fb831486325e1c013f975e5ae42f28a9358669 |
|
MD5 | 890b1417b369efa15c0f5215cd7e150f |
|
BLAKE2b-256 | 26e98e86d4c8df679e350e10248835bb874ef583a2b2beddf8a5bc3990a06e45 |
File details
Details for the file whois_format-0.1.0b1-py3-none-any.whl
.
File metadata
- Download URL: whois_format-0.1.0b1-py3-none-any.whl
- Upload date:
- Size: 5.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7dd5561066a475fbeff2baf09dcda34a6dc41205cbff6e284c4b29004c766d2e |
|
MD5 | d524c8fd5c71a8ea3d9287b8d93195a2 |
|
BLAKE2b-256 | 4ad8c65f1230d9bec99a5db9ead486d2496fad1b170232c9ccb525fad7f3733c |