Geek Answers Handbook

How to get WhoIs information by IP in Python 3?

Note. This is not a matter of recommending a library. It is more about possible approaches to the problem.

Question: What approaches can be traced from WhoIs information from a given IP address in Python 3? The result should contain at least:

  • Registering country
  • Name, address, email address of the email service provider
  • If registered, domain name
  • Registration and Expiration Dates
  • Bonus points if the result is not plain text and the information above is structured.

I am not looking for wrappers around the whois shell, since the program should work under Windows.

Before asking this question, google gave me the following libraries:

The following startup errors during installation through pip or during import:

  • BulkWhois
  • WhoisClient
  • cymruwhois
  • dwhois
  • ipwhois
  • pyiptools
  • python-whois
  • pywhois
  • uwhoisd
  • whois
  • whoislookup
  • whoispy

The following libraries work in Python 3, however they do the opposite of what I want - they look for a domain name, not an IP address:

  • nicnames
  • pythonwhois

Before asking a question, I asked the following questions:

  • How to run a WHOIS search using PHP or Python?
  • python whois for windows
  • https://stackoverflow.com/questions/16753309/python-whois-library
+7
python whois
source share
1 answer

Install stable dnspython release from here

Then pip3 install ipwhois .

 In [37]: from ipwhois import IPWhois In [38]: obj = IPWhois('74.125.225.229') In [39]: res=obj.lookup() In [40]: res["nets"][0]['country'] Out[40]: 'US' In [41]: res["nets"][0]['abuse_emails'] Out[41]: ' arin-contact@google.com ' In [42]: from pprint import pprint In [43]: pprint(res) {'asn': '15169', 'asn_cidr': '74.125.225.0/24', 'asn_country_code': 'US', 'asn_date': '2007-03-13', 'asn_registry': 'arin', 'nets': [{'abuse_emails': ' arin-contact@google.com ', 'address': '1600 Amphitheatre Parkway', 'cidr': '74.125.0.0/16', 'city': 'Mountain View', 'country': 'US', 'created': '2007-03-13T00:00:00', 'description': 'Google Inc.', 'misc_emails': None, 'name': 'GOOGLE', 'postal_code': '94043', 'state': 'CA', 'tech_emails': ' arin-contact@google.com ', 'updated': '2012-02-24T00:00:00'}], 'query': '74.125.225.229', 'raw': None}

HTTP:

 In [44]: res=obj.lookup_rws() In [45]: pprint(res) {'asn': '15169', 'asn_cidr': '74.125.225.0/24', 'asn_country_code': 'US', 'asn_date': '2007-03-13', 'asn_registry': 'arin', 'nets': [{'abuse_emails': ' arin-contact@google.com ', 'address': '1600 Amphitheatre Parkway', 'cidr': '74.125.0.0/16', 'city': 'Mountain View', 'country': 'US', 'created': '2007-03-13T12:09:54-04:00', 'description': 'Google Inc.', 'misc_emails': None, 'name': 'GOOGLE', 'postal_code': '94043', 'state': 'CA', 'tech_emails': ' arin-contact@google.com ', 'updated': '2012-02-24T09:44:34-05:00'}], 'query': '74.125.225.229', 'raw': None}

The API has changed, for legacy ipwhois IPWhois.lookup () is deprecated from version v0.12.0 and will be removed. The legacy of whois lookups has been ported to IPWhois.lookup_whois () ..

You can access this method, I turned off the warnings to see the result, there are outdated warnings that should be considered in real-world use cases:

 In [30]: from warnings import filterwarnings In [31]: filterwarnings( action="ignore") In [32]: from ipwhois import IPWhois In [33]: obj = IPWhois('74.125.225.229') In [34]: obj.lookup_whois() Out[34]: {'asn': '15169', 'asn_cidr': '74.125.225.0/24', 'asn_country_code': 'US', 'asn_date': '2007-03-13', 'asn_description': 'GOOGLE - Google Inc., US', 'asn_registry': 'arin', 'nets': [{'address': '1600 Amphitheatre Parkway', 'cidr': '74.125.0.0/16', 'city': 'Mountain View', 'country': 'US', 'created': '2007-03-13', 'description': 'Google Inc.', 'emails': [' arin-contact@google.com ', ' network-abuse@google.com '], 'handle': 'NET-74-125-0-0-1', 'name': 'GOOGLE', 'postal_code': '94043', 'range': '74.125.0.0 - 74.125.255.255', 'state': 'CA', 'updated': '2012-02-24'}], 'nir': None, 'query': '74.125.225.229', 'raw': None, 'raw_referral': None, 'referral': None}

The status of documents, IPWhois.lookup_rdap () is now the recommended search method. RDAP provides a much better data structure than previous whois and REST requests (previous implementation). RDAP queries allow you to analyze contact information and data for users, organizations, and groups. RDAP also provides more detailed information about the network.

But following an example of using verbatim or adding asn_methods=["whois"]) , the frames give warnings about the failure, so again this is what you need to consider in real-life use cases.

 In [31]: from ipwhois import IPWhois In [32]: obj = IPWhois('74.125.225.229') /usr/local/lib/python3.6/site-packages/ipwhois/net.py:138: UserWarning: allow_permutations has been deprecated and will be removed. It is no longer needed, due to the deprecation of asn_alts, and the addition of the asn_methods argument. warn('allow_permutations has been deprecated and will be removed. ' In [33]: obj.lookup_rdap(asn_methods=["whois"]) /usr/local/lib/python3.6/site-packages/ipwhois/asn.py:302: UserWarning: IPASN._parse_fields_whois() has been deprecated and will be removed. You should now use IPASN.parse_fields_whois(). warn('IPASN._parse_fields_whois() has been deprecated and will be ' Out[33]: {'asn': '15169', 'asn_cidr': '74.125.225.0/24', 'asn_country_code': 'US', 'asn_date': '2007-03-13', 'asn_description': 'GOOGLE - Google Inc., US', 'asn_registry': 'arin', 'entities': ['GOGL'], 'network': {'cidr': '74.125.0.0/16', 'country': None, 'end_address': '74.125.255.255', 'events': [{'action': 'last changed', 'actor': None, 'timestamp': '2012-02-24T09:44:34-05:00'}, {'action': 'registration', 'actor': None, 'timestamp': '2007-03-13T12:09:54-04:00'}], 'handle': 'NET-74-125-0-0-1', 'ip_version': 'v4', 'links': ['https://rdap.arin.net/registry/ip/074.125.000.000', 'https://whois.arin.net/rest/net/NET-74-125-0-0-1'], 'name': 'GOOGLE', 'notices': [{'description': 'By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use', 'links': ['https://www.arin.net/whois_tou.html'], 'title': 'Terms of Service'}], 'parent_handle': 'NET-74-0-0-0-0', 'raw': None, 'remarks': None, 'start_address': '74.125.0.0', 'status': None, 'type': None}, 'nir': None, 'objects': {'GOGL': {'contact': {'address': [{'type': None, 'value': '1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES'}], 'email': None, 'kind': 'org', 'name': 'Google Inc.', 'phone': None, 'role': None, 'title': None}, 'entities': ['ABUSE5250-ARIN', 'ZG39-ARIN'], 'events': [{'action': 'last changed', 'actor': None, 'timestamp': '2017-01-28T08:32:29-05:00'}, {'action': 'registration', 'actor': None, 'timestamp': '2000-03-30T00:00:00-05:00'}], 'events_actor': None, 'handle': 'GOGL', 'links': ['https://rdap.arin.net/registry/entity/GOGL', 'https://whois.arin.net/rest/org/GOGL'], 'notices': None, 'raw': None, 'remarks': None, 'roles': ['registrant'], 'status': None}}, 'query': '74.125.225.229', 'raw': None}
+9
source share

More articles:


All Articles