Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to get WhoIs info by IP in Python 3?

Note: This is not a library recommendation question. It is rather about possible approaches to the problem.

Question: What approaches are possible to retreive WhoIs information from given IP address in Python 3? The result should contain at least:

  • Registration country
  • ISP name, address, abuse email
  • If registered, the domain name
  • Registration and expiery dates
  • Bonus points if the result is not plain text and is the above info is structured

I am not looking for wrappers around the shell "whois" command as the program must work under Windows.

Before asking this question, google gave me the following libraries:

The following throw errors when installing via pip or when during importing:

  • BulkWhois
  • WhoisClient
  • cymruwhois
  • dwhois
  • ipwhois
  • pyiptools
  • python-whois
  • pywhois
  • uwhoisd
  • whois
  • whoislookup
  • whoispy

The following libraries do work in Python 3, however they do the reverse of what I want - they look up by domain name, not by IP address:

  • nicnames
  • pythonwhois

I have looked into the following questions before asking:

  • How do I run a WHOIS lookup with PHP or Python?
  • python whois for windows
  • https://stackoverflow.com/questions/16753309/python-whois-library
like image 698
Babken Vardanyan Avatar asked Jul 04 '14 20:07

Babken Vardanyan


People also ask

How do you use WHOIS in Python?

We can use the WHOIS protocol to see who is the registered owner of the domain name. There is a Python module, called python-whois, for this protocol, documented at https://pypi.python.org/pypi/python-whois, which can be installed via pip using the pip install python-whois command. With the pythonwhois. net.

What is WHOIS IP Lookup?

An IP WHOIS Lookup determines ownership information of any IP address. IP: Lookup. Search for IP WHOIS information using the IP WHOIS lookup tool for any allocated IP address. This tool provides you with the IP address owner's contact information.

How do I run WHOIS lookup?

To perform a search, users only need to go to http://whois.icann.org, enter a domain name, and click "Lookup."


2 Answers

Install the stable release of dnspython from here

Then pip3 install ipwhois.

In [37]: from ipwhois import IPWhois

In [38]: obj = IPWhois('74.125.225.229')

In [39]: res=obj.lookup()

In [40]: res["nets"][0]['country']
Out[40]: 'US'

In [41]: res["nets"][0]['abuse_emails']
Out[41]: '[email protected]'

In [42]: from pprint import pprint

In [43]: pprint(res)
{'asn': '15169',
 'asn_cidr': '74.125.225.0/24',
 'asn_country_code': 'US',
 'asn_date': '2007-03-13',
 'asn_registry': 'arin',
 'nets': [{'abuse_emails': '[email protected]',
           'address': '1600 Amphitheatre Parkway',
           'cidr': '74.125.0.0/16',
           'city': 'Mountain View',
           'country': 'US',
           'created': '2007-03-13T00:00:00',
           'description': 'Google Inc.',
           'misc_emails': None,
           'name': 'GOOGLE',
           'postal_code': '94043',
           'state': 'CA',
           'tech_emails': '[email protected]',
           'updated': '2012-02-24T00:00:00'}],
 'query': '74.125.225.229',
 'raw': None}

HTTP:

In [44]: res=obj.lookup_rws()

In [45]: pprint(res)
{'asn': '15169',
 'asn_cidr': '74.125.225.0/24',
 'asn_country_code': 'US',
 'asn_date': '2007-03-13',
 'asn_registry': 'arin',
 'nets': [{'abuse_emails': '[email protected]',
           'address': '1600 Amphitheatre Parkway',
           'cidr': '74.125.0.0/16',
           'city': 'Mountain View',
           'country': 'US',
           'created': '2007-03-13T12:09:54-04:00',
           'description': 'Google Inc.',
           'misc_emails': None,
           'name': 'GOOGLE',
           'postal_code': '94043',
           'state': 'CA',
           'tech_emails': '[email protected]',
           'updated': '2012-02-24T09:44:34-05:00'}],
 'query': '74.125.225.229',
 'raw': None}

The API has changed, for the legacy ipwhois IPWhois.lookup() is deprecated as of v0.12.0 and will be removed. Legacy whois lookups were moved to IPWhois.lookup_whois()..

You can access that method, I have disabled warnings to be able to see the output, there are deprecated warnings that should be taken into account in real use cases:

In [30]: from warnings import filterwarnings

In [31]: filterwarnings( action="ignore")

In [32]: from ipwhois import IPWhois

In [33]: obj = IPWhois('74.125.225.229')

In [34]: obj.lookup_whois()
Out[34]: 
{'asn': '15169',
 'asn_cidr': '74.125.225.0/24',
 'asn_country_code': 'US',
 'asn_date': '2007-03-13',
 'asn_description': 'GOOGLE - Google Inc., US',
 'asn_registry': 'arin',
 'nets': [{'address': '1600 Amphitheatre Parkway',
   'cidr': '74.125.0.0/16',
   'city': 'Mountain View',
   'country': 'US',
   'created': '2007-03-13',
   'description': 'Google Inc.',
   'emails': ['[email protected]', '[email protected]'],
   'handle': 'NET-74-125-0-0-1',
   'name': 'GOOGLE',
   'postal_code': '94043',
   'range': '74.125.0.0 - 74.125.255.255',
   'state': 'CA',
   'updated': '2012-02-24'}],
 'nir': None,
 'query': '74.125.225.229',
 'raw': None,
 'raw_referral': None,
 'referral': None}

The docs state, IPWhois.lookup_rdap() is now the recommended lookup method. RDAP provides a far better data structure than legacy whois and REST lookups (previous implementation). RDAP queries allow for parsing of contact information and details for users, organizations, and groups. RDAP also provides more detailed network information.

But following the usage example verbatim, or adding the asn_methods=["whois"]), stills gives deprecation warnings so, again, that is something that needs to be addressed in actual use cases.

In [31]: from ipwhois import IPWhois

In [32]: obj = IPWhois('74.125.225.229')
/usr/local/lib/python3.6/site-packages/ipwhois/net.py:138: UserWarning: allow_permutations has been deprecated and will be removed. It is no longer needed, due to the deprecation of asn_alts, and the addition of the asn_methods argument.
  warn('allow_permutations has been deprecated and will be removed. '

In [33]:  obj.lookup_rdap(asn_methods=["whois"])
/usr/local/lib/python3.6/site-packages/ipwhois/asn.py:302: UserWarning: IPASN._parse_fields_whois() has been deprecated and will be removed. You should now use IPASN.parse_fields_whois().
  warn('IPASN._parse_fields_whois() has been deprecated and will be '
Out[33]: 
{'asn': '15169',
 'asn_cidr': '74.125.225.0/24',
 'asn_country_code': 'US',
 'asn_date': '2007-03-13',
 'asn_description': 'GOOGLE - Google Inc., US',
 'asn_registry': 'arin',
 'entities': ['GOGL'],
 'network': {'cidr': '74.125.0.0/16',
  'country': None,
  'end_address': '74.125.255.255',
  'events': [{'action': 'last changed',
    'actor': None,
    'timestamp': '2012-02-24T09:44:34-05:00'},
   {'action': 'registration',
    'actor': None,
    'timestamp': '2007-03-13T12:09:54-04:00'}],
  'handle': 'NET-74-125-0-0-1',
  'ip_version': 'v4',
  'links': ['https://rdap.arin.net/registry/ip/074.125.000.000',
   'https://whois.arin.net/rest/net/NET-74-125-0-0-1'],
  'name': 'GOOGLE',
  'notices': [{'description': 'By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use',
    'links': ['https://www.arin.net/whois_tou.html'],
    'title': 'Terms of Service'}],
  'parent_handle': 'NET-74-0-0-0-0',
  'raw': None,
  'remarks': None,
  'start_address': '74.125.0.0',
  'status': None,
  'type': None},
 'nir': None,
 'objects': {'GOGL': {'contact': {'address': [{'type': None,
      'value': '1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES'}],
    'email': None,
    'kind': 'org',
    'name': 'Google Inc.',
    'phone': None,
    'role': None,
    'title': None},
   'entities': ['ABUSE5250-ARIN', 'ZG39-ARIN'],
   'events': [{'action': 'last changed',
     'actor': None,
     'timestamp': '2017-01-28T08:32:29-05:00'},
    {'action': 'registration',
     'actor': None,
     'timestamp': '2000-03-30T00:00:00-05:00'}],
   'events_actor': None,
   'handle': 'GOGL',
   'links': ['https://rdap.arin.net/registry/entity/GOGL',
    'https://whois.arin.net/rest/org/GOGL'],
   'notices': None,
   'raw': None,
   'remarks': None,
   'roles': ['registrant'],
   'status': None}},
 'query': '74.125.225.229',
 'raw': None}
like image 170
Padraic Cunningham Avatar answered Oct 31 '22 04:10

Padraic Cunningham


An alternative easy solution that works with Python 3 now:

First import the following package:

pip install python-whois

Then execute the code:

import whois
w = whois.whois('74.125.225.229')
like image 36
Rene B. Avatar answered Oct 31 '22 06:10

Rene B.