Menu
Note: This is not a library recommendation question. It is rather about possible approaches to the problem.
Question: What approaches are possible to retreive WhoIs information from given IP address in Python 3? The result should contain at least:
I am not looking for wrappers around the shell "whois" command as the program must work under Windows.
Before asking this question, google gave me the following libraries:
The following throw errors when installing via pip or when during importing:
BulkWhoisWhoisClientcymruwhoisdwhoisipwhoispyiptoolspython-whoispywhoisuwhoisdwhoiswhoislookupwhoispyThe following libraries do work in Python 3, however they do the reverse of what I want - they look up by domain name, not by IP address:
nicnamespythonwhoisI have looked into the following questions before asking:
698
We can use the WHOIS protocol to see who is the registered owner of the domain name. There is a Python module, called python-whois, for this protocol, documented at https://pypi.python.org/pypi/python-whois, which can be installed via pip using the pip install python-whois command. With the pythonwhois. net.
An IP WHOIS Lookup determines ownership information of any IP address. IP: Lookup. Search for IP WHOIS information using the IP WHOIS lookup tool for any allocated IP address. This tool provides you with the IP address owner's contact information.
To perform a search, users only need to go to http://whois.icann.org, enter a domain name, and click "Lookup."
Install the stable release of dnspython from here
Then pip3 install ipwhois.
In [37]: from ipwhois import IPWhois
In [38]: obj = IPWhois('74.125.225.229')
In [39]: res=obj.lookup()
In [40]: res["nets"][0]['country']
Out[40]: 'US'
In [41]: res["nets"][0]['abuse_emails']
Out[41]: '[email protected]'
In [42]: from pprint import pprint
In [43]: pprint(res)
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_registry': 'arin',
'nets': [{'abuse_emails': '[email protected]',
'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13T00:00:00',
'description': 'Google Inc.',
'misc_emails': None,
'name': 'GOOGLE',
'postal_code': '94043',
'state': 'CA',
'tech_emails': '[email protected]',
'updated': '2012-02-24T00:00:00'}],
'query': '74.125.225.229',
'raw': None}
HTTP:
In [44]: res=obj.lookup_rws()
In [45]: pprint(res)
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_registry': 'arin',
'nets': [{'abuse_emails': '[email protected]',
'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13T12:09:54-04:00',
'description': 'Google Inc.',
'misc_emails': None,
'name': 'GOOGLE',
'postal_code': '94043',
'state': 'CA',
'tech_emails': '[email protected]',
'updated': '2012-02-24T09:44:34-05:00'}],
'query': '74.125.225.229',
'raw': None}
The API has changed, for the legacy ipwhois IPWhois.lookup() is deprecated as of v0.12.0 and will be removed. Legacy whois lookups were moved to IPWhois.lookup_whois()..
You can access that method, I have disabled warnings to be able to see the output, there are deprecated warnings that should be taken into account in real use cases:
In [30]: from warnings import filterwarnings
In [31]: filterwarnings( action="ignore")
In [32]: from ipwhois import IPWhois
In [33]: obj = IPWhois('74.125.225.229')
In [34]: obj.lookup_whois()
Out[34]:
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_description': 'GOOGLE - Google Inc., US',
'asn_registry': 'arin',
'nets': [{'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13',
'description': 'Google Inc.',
'emails': ['[email protected]', '[email protected]'],
'handle': 'NET-74-125-0-0-1',
'name': 'GOOGLE',
'postal_code': '94043',
'range': '74.125.0.0 - 74.125.255.255',
'state': 'CA',
'updated': '2012-02-24'}],
'nir': None,
'query': '74.125.225.229',
'raw': None,
'raw_referral': None,
'referral': None}
The docs state, IPWhois.lookup_rdap() is now the recommended lookup method. RDAP provides a far better data structure than legacy whois and REST lookups (previous implementation). RDAP queries allow for parsing of contact information and details for users, organizations, and groups. RDAP also provides more detailed network information.
But following the usage example verbatim, or adding the asn_methods=["whois"]), stills gives deprecation warnings so, again, that is something that needs to be addressed in actual use cases.
In [31]: from ipwhois import IPWhois
In [32]: obj = IPWhois('74.125.225.229')
/usr/local/lib/python3.6/site-packages/ipwhois/net.py:138: UserWarning: allow_permutations has been deprecated and will be removed. It is no longer needed, due to the deprecation of asn_alts, and the addition of the asn_methods argument.
warn('allow_permutations has been deprecated and will be removed. '
In [33]: obj.lookup_rdap(asn_methods=["whois"])
/usr/local/lib/python3.6/site-packages/ipwhois/asn.py:302: UserWarning: IPASN._parse_fields_whois() has been deprecated and will be removed. You should now use IPASN.parse_fields_whois().
warn('IPASN._parse_fields_whois() has been deprecated and will be '
Out[33]:
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_description': 'GOOGLE - Google Inc., US',
'asn_registry': 'arin',
'entities': ['GOGL'],
'network': {'cidr': '74.125.0.0/16',
'country': None,
'end_address': '74.125.255.255',
'events': [{'action': 'last changed',
'actor': None,
'timestamp': '2012-02-24T09:44:34-05:00'},
{'action': 'registration',
'actor': None,
'timestamp': '2007-03-13T12:09:54-04:00'}],
'handle': 'NET-74-125-0-0-1',
'ip_version': 'v4',
'links': ['https://rdap.arin.net/registry/ip/074.125.000.000',
'https://whois.arin.net/rest/net/NET-74-125-0-0-1'],
'name': 'GOOGLE',
'notices': [{'description': 'By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use',
'links': ['https://www.arin.net/whois_tou.html'],
'title': 'Terms of Service'}],
'parent_handle': 'NET-74-0-0-0-0',
'raw': None,
'remarks': None,
'start_address': '74.125.0.0',
'status': None,
'type': None},
'nir': None,
'objects': {'GOGL': {'contact': {'address': [{'type': None,
'value': '1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES'}],
'email': None,
'kind': 'org',
'name': 'Google Inc.',
'phone': None,
'role': None,
'title': None},
'entities': ['ABUSE5250-ARIN', 'ZG39-ARIN'],
'events': [{'action': 'last changed',
'actor': None,
'timestamp': '2017-01-28T08:32:29-05:00'},
{'action': 'registration',
'actor': None,
'timestamp': '2000-03-30T00:00:00-05:00'}],
'events_actor': None,
'handle': 'GOGL',
'links': ['https://rdap.arin.net/registry/entity/GOGL',
'https://whois.arin.net/rest/org/GOGL'],
'notices': None,
'raw': None,
'remarks': None,
'roles': ['registrant'],
'status': None}},
'query': '74.125.225.229',
'raw': None}
An alternative easy solution that works with Python 3 now:
First import the following package:
pip install python-whois
Then execute the code:
import whois
w = whois.whois('74.125.225.229')
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
