Whois, put simply, is a database used to check whether a domain name has already been registered and to retrieve the detailed registration information for a domain (domain owner, registrar, registration date, expiry date and so on). By querying a domain's Whois server you can obtain the registrant's contact details as well as the registration and expiry times. Whois information is normally genuine, so it reveals a great deal of real information about the registrant, such as phone numbers, e-mail addresses and NS records; it is an excellent source of information for social engineering against a website, and for security practitioners, being able to retrieve whois information quickly helps them learn a lot of useful things about a target site.
Whois information is held by the registries at each level, and normally we look it up by submitting the domain through the query page of a registrar site such as GoDaddy, name.com, HiChina (万网) or Xinnet (新网), which is slow and cannot be batched; far too much effort. So here I am sharing a PowerShell function I have treasured for a long time. It supports queries for more than 140 domain suffixes, including some obscure ones for which it is hard even to find a registrar that handles them, so you no longer need to worry about that.
As usual, the code first, then an explanation of the key operations:
===== File name: Get-whois.ps1 =====

```powershell
function Get-WhoIs {
<#
Author: fuhj (powershell#live.cn, http://fuhaijun.com)
Does a raw WHOIS query and returns the results.
The simplest whois search:
.Example
  get-whois dnspod.com

  This example is one that forwards to a second whois server ...
.Example
  get-whois baidu.com -NoForward

  Returns the partial results you get when you don't follow forwarding to a new whois server
.Example
  get-whois n 128.11.5.98 -server whois.arin.net

  Does an ip lookup at arin.net
#>
[CmdletBinding()]
param(
    # The query to send to WHOIS servers
    [Parameter(Position=0, ValueFromRemainingArguments=$true)]
    [string]$query,
    # A specific whois server to search
    [string]$server,
    # Disable forwarding to new whois servers
    [switch]$NoForward
)
end {
    # Suffix -> whois server(s); busy suffixes list several servers, one is picked at random
    $TLDs = DATA {
    @{
        ".com"    = "whois.verisign-grs.com","whois.crsnic.net"
        ".net"    = "whois.verisign-grs.com","whois.crsnic.net"
        ".org"    = "whois.pir.org","whois.publicinterestregistry.net"
        ".info"   = "whois.afilias.info","whois.afilias.net"
        ".biz"    = "whois.neulevel.biz"
        ".us"     = "whois.nic.us"
        ".uk"     = "whois.nic.uk"
        ".ca"     = "whois.cira.ca"
        ".tel"    = "whois.nic.tel"
        ".ie"     = "whois.iedr.ie","whois.domainregistry.ie"
        ".it"     = "whois.nic.it"
        ".li"     = "whois.nic.li"
        ".no"     = "whois.norid.no"
        ".cc"     = "whois.nic.cc"
        ".eu"     = "whois.eu"
        ".nu"     = "whois.nic.nu"
        ".au"     = "whois.aunic.net","whois.ausregistry.net.au"
        ".de"     = "whois.denic.de"
        ".ws"     = "whois.worldsite.ws","whois.nic.ws","www.nic.ws"
        ".sc"     = "whois2.afilias-grs.net"
        ".mobi"   = "whois.dotmobiregistry.net"
        ".pro"    = "whois.registrypro.pro","whois.registry.pro"
        ".edu"    = "whois.educause.net","whois.crsnic.net"
        ".tv"     = "whois.nic.tv","tvwhois.verisign-grs.com"
        ".travel" = "whois.nic.travel"
        ".name"   = "whois.nic.name"
        ".in"     = "whois.inregistry.net","whois.registry.in"
        ".me"     = "whois.nic.me","whois.meregistry.net"
        ".at"     = "whois.nic.at"
        ".be"     = "whois.dns.be"
        ".cn"     = "whois.cnnic.cn","whois.cnnic.net.cn"
        ".edu.cn" = "whois.edu.cn"
        ".asia"   = "whois.nic.asia"
        ".ru"     = "whois.ripn.ru","whois.ripn.net"
        ".ro"     = "whois.rotld.ro"
        ".aero"   = "whois.aero"
        ".fr"     = "whois.nic.fr"
        ".se"     = "whois.iis.se","whois.nic-se.se","whois.nic.se"
        ".nl"     = "whois.sidn.nl","whois.domain-registry.nl"
        ".nz"     = "whois.srs.net.nz","whois.domainz.net.nz"
        ".mx"     = "whois.nic.mx"
        ".tw"     = "whois.apnic.net","whois.twnic.net.tw"
        ".ch"     = "whois.nic.ch"
        ".hk"     = "whois.hknic.net.hk"
        ".ac"     = "whois.nic.ac"
        ".ae"     = "whois.nic.ae"
        ".af"     = "whois.nic.af"
        ".ag"     = "whois.nic.ag"
        ".al"     = "whois.ripe.net"
        ".am"     = "whois.amnic.net"
        ".as"     = "whois.nic.as"
        ".az"     = "whois.ripe.net"
        ".ba"     = "whois.ripe.net"
        ".bg"     = "whois.register.bg"
        ".bi"     = "whois.nic.bi"
        ".bj"     = "www.nic.bj"
        ".br"     = "whois.nic.br"
        ".br.com" = "whois.centralnic.net"
        ".eu.org" = "whois.eu.org"
        ".bt"     = "whois.netnames.net"
        ".by"     = "whois.ripe.net"
        ".bz"     = "whois.belizenic.bz"
        ".cd"     = "whois.nic.cd"
        ".ck"     = "whois.nic.ck"
        ".cl"     = "nic.cl"
        ".coop"   = "whois.nic.coop"
        ".cx"     = "whois.nic.cx"
        ".cy"     = "whois.ripe.net"
        ".cz"     = "whois.nic.cz"
        ".dk"     = "whois.dk-hostmaster.dk"
        ".dm"     = "whois.nic.cx"
        ".dz"     = "whois.ripe.net"
        ".ee"     = "whois.eenet.ee"
        ".eg"     = "whois.ripe.net"
        ".es"     = "whois.ripe.net"
        ".fi"     = "whois.ficora.fi"
        ".fo"     = "whois.ripe.net"
        ".gb"     = "whois.ripe.net"
        ".ge"     = "whois.ripe.net"
        ".gl"     = "whois.ripe.net"
        ".gm"     = "whois.ripe.net"
        ".gov"    = "whois.nic.gov"
        ".gr"     = "whois.ripe.net"
        ".gs"     = "whois.adamsnames.tc"
        ".hm"     = "whois.registry.hm"
        ".hn"     = "whois2.afilias-grs.net"
        ".hr"     = "whois.ripe.net"
        ".hu"     = "whois.ripe.net"
        ".il"     = "whois.isoc.org.il"
        ".int"    = "whois.isi.edu"
        ".iq"     = "vrx.net"
        ".ir"     = "whois.nic.ir"
        ".is"     = "whois.isnic.is"
        ".je"     = "whois.je"
        ".jp"     = "whois.jprs.jp"
        ".kg"     = "whois.domain.kg"
        ".kr"     = "whois.nic.or.kr"
        ".la"     = "whois2.afilias-grs.net"
        ".lt"     = "whois.domreg.lt"
        ".lu"     = "whois.restena.lu"
        ".lv"     = "whois.nic.lv"
        ".ly"     = "whois.lydomains.com"
        ".ma"     = "whois.iam.net.ma"
        ".mc"     = "whois.ripe.net"
        ".md"     = "whois.nic.md"
        ".mil"    = "whois.nic.mil"
        ".mk"     = "whois.ripe.net"
        ".ms"     = "whois.nic.ms"
        ".mt"     = "whois.ripe.net"
        ".mu"     = "whois.nic.mu"
        ".my"     = "whois.mynic.net.my"
        ".nf"     = "whois.nic.cx"
        ".pl"     = "whois.dns.pl"
        ".pr"     = "whois.nic.pr"
        ".pt"     = "whois.dns.pt"
        ".sa"     = "saudinic.net.sa"
        ".sb"     = "whois.nic.net.sb"
        ".sg"     = "whois.nic.net.sg"
        ".sh"     = "whois.nic.sh"
        ".si"     = "whois.arnes.si"
        ".sk"     = "whois.sk-nic.sk"
        ".sm"     = "whois.ripe.net"
        ".st"     = "whois.nic.st"
        ".su"     = "whois.ripn.net"
        ".tc"     = "whois.adamsnames.tc"
        ".tf"     = "whois.nic.tf"
        ".th"     = "whois.thnic.net"
        ".tj"     = "whois.nic.tj"
        ".tk"     = "whois.nic.tk"
        ".tl"     = "whois.domains.tl"
        ".tm"     = "whois.nic.tm"
        ".tn"     = "whois.ripe.net"
        ".to"     = "whois.tonic.to"
        ".tp"     = "whois.domains.tl"
        ".tr"     = "whois.nic.tr"
        ".ua"     = "whois.ripe.net"
        ".uy"     = "nic.uy"
        ".uz"     = "whois.cctld.uz"
        ".va"     = "whois.ripe.net"
        ".vc"     = "whois2.afilias-grs.net"
        ".ve"     = "whois.nic.ve"
        ".vg"     = "whois.adamsnames.tc"
        ".yu"     = "whois.ripe.net"
    }
    }

    # Save the caller's error preference and fail fast on any error inside the function
    $EAP, $ErrorActionPreference = $ErrorActionPreference, "Stop"
    $query = $query.Trim()

    # A dotted-quad query is an IP lookup: ARIN expects "n <ip>" for a network lookup
    if($query -match "(?:\d{1,3}\.){3}\d{1,3}") {
        Write-Verbose "IP Lookup!"
        if($query -notmatch " ") {
            $query = "n $query"
        }
        if(!$server) { $server = "whois.arin.net" }
    } elseif(!$server) {
        # Pick a server for the matching suffix; Get-Random spreads load over the alternatives
        $server = $TLDs.GetEnumerator() |
            Where { $query -like ("*" + $_.name) } |
            Select -Expand Value | Get-Random
    }
    if(!$server) { $server = "whois.arin.net" }

    # Follow at most three referrals so a referral loop cannot run forever
    $maxRequery = 3
    do {
        Write-Verbose "Connecting to $server"
        $client = New-Object System.Net.Sockets.TcpClient $server, 43
        try {
            $stream = $client.GetStream()
            Write-Verbose "Sending Query: $query"
            # WHOIS (RFC 3912): send the query terminated by CRLF, read until the server closes
            $data = [System.Text.Encoding]::Ascii.GetBytes( $query + "`r`n" )
            $stream.Write($data, 0, $data.Length)
            Write-Verbose "Reading Response:"
            $reader = New-Object System.IO.StreamReader $stream, [System.Text.Encoding]::ASCII
            $result = $reader.ReadToEnd()
            # A "Whois Server:" line means the registry is referring us to the registrar's server
            if($result -match "(?s)Whois Server:\s*(\S+)\s*") {
                Write-Warning "Recommended WHOIS server: $($matches[1])"
                if(!$NoForward) {
                    Write-Verbose "Non-Authoritative Results:`n${result}"
                    # cache, in case we can't get an answer at the forwarder
                    if(!$cachedResult) {
                        $cachedResult = $result
                        $cachedServer = $server
                    }
                    $server = $matches[1]
                    # Drop any leading keyword (e.g. "n"), keep only the domain/IP for the next hop
                    $query = ($query -split " ")[-1]
                    $maxRequery--
                } else { $maxRequery = 0 }
            } else { $maxRequery = 0 }
        } finally {
            if($stream) {
                $stream.Close()
                $stream.Dispose()
            }
        }
    } while ($maxRequery -gt 0)

    $result
    # If the forwarded server returned almost nothing, show the cached registry answer too
    if($cachedResult -and ($result -split "`n").count -lt 5) {
        Write-Warning "Original Result from ${cachedServer}:"
        $cachedResult
    }
    $ErrorActionPreference = $EAP
}
}
```

The function defines three parameters, two of type [string] and one of type [switch]: they receive the domain to look up, an explicitly chosen whois server, and whether the query may be forwarded to another whois server. It then builds a hashtable (walked with GetEnumerator) that stores the mapping between domain suffixes and whois servers, because the registration data for different suffixes lives on different servers. Note that the heavily registered suffixes .com, .net, .org and .info are each given several whois servers, so that a single server swamped with queries does not leave you without a result.
Next, New-Object creates a System.Net.Sockets.TcpClient object that connects to port 43 of the chosen whois server to perform the query; a System.IO.StreamReader object then receives the data the whois server returns, and that data is parsed. On top of that, a try{} / finally{} block is added for fault handling, and a regular expression is used during parsing to match the target string.
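As an added example (not code from the original post or from the script's author), here is a parser for the raw text that Get-WhoIs returns: it pulls out the registrar, creation and expiry dates and NS records the article mentions, flags domains that expire soon, and picks up the same "Whois Server:" referral line the function follows. The response it runs on is a constructed sample, and the field labels it assumes are the common "Key: Value" ones used by Verisign-style registries.

```powershell
# Added example (not part of the original post): turn the raw text returned by
# Get-WhoIs into an object and flag domains that expire soon. The sample is constructed.
function ConvertFrom-WhoIs {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string[]]$RawText,
          [int]$WarnDays = 30)
    begin { $lines = @() }
    process { $lines += $RawText -split "`r?`n" }
    end {
        $fields = @{}; $nameServers = @()
        foreach ($line in $lines) {
            # Keep only "Key: Value" lines; legal boilerplate and ">>>" lines are skipped
            if ($line -match '^\s*([A-Za-z][A-Za-z /]*?):\s*(\S.*)$') {
                $key = $matches[1].Trim(); $value = $matches[2].Trim()
                if ($key -eq 'Name Server') { $nameServers += $value.ToLower() }
                elseif (-not $fields.ContainsKey($key)) { $fields[$key] = $value }
            }
        }
        # Registries label the expiry date differently, so try the common variants in order
        $expires = @('Registry Expiry Date', 'Expiration Date', 'Expiry Date') |
            ForEach-Object { $fields[$_] } | Where-Object { $_ } | Select-Object -First 1
        $expiryDate = $null; $daysLeft = $null
        if ($expires) {
            $expiryDate = [datetime]::Parse($expires, [cultureinfo]::InvariantCulture).ToUniversalTime()
            $daysLeft = [math]::Floor(($expiryDate - (Get-Date).ToUniversalTime()).TotalDays)
        }
        # Same "Whois Server:" line Get-WhoIs follows when forwarding (-like is case-insensitive)
        $referral = $fields.Keys | Where-Object { $_ -like '*Whois Server' } |
            ForEach-Object { $fields[$_] } | Select-Object -First 1
        [pscustomobject]@{
            Domain         = $fields['Domain Name']
            Registrar      = $fields['Registrar']
            Created        = $fields['Creation Date']
            Expires        = $expiryDate
            DaysLeft       = $daysLeft
            ExpiringSoon   = ($null -ne $daysLeft -and $daysLeft -le $WarnDays)
            NameServers    = @($nameServers | Sort-Object -Unique)
            ReferralServer = $referral
        }
    }
}
# Constructed sample (not real registry output) so the parser can be exercised offline
$sample = @"
   Domain Name: EXAMPLE.COM
   Registrar WHOIS Server: whois.registrar.example
   Registrar: Example Registrar, LLC
   Creation Date: 2010-01-15T00:00:00Z
   Registry Expiry Date: 2026-01-15T00:00:00Z
   Name Server: NS1.EXAMPLE.COM
   Name Server: NS2.EXAMPLE.COM
"@
$sample | ConvertFrom-WhoIs -WarnDays 60 | Format-List
```

In practice you feed it the function's own output, for example `Get-WhoIs dnspod.com | ConvertFrom-WhoIs`, and loop over a list of domains to get the batch lookup the post asks for, with ExpiringSoon serving as a simple check that none of your own domains is about to lapse.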
The program can be run in the following four ways:
get-whois dnspod.com
First, let's see whether dnspod changed its whois information after being acquired by Tencent; apparently the Goose Factory (Tencent) never changed it.

get-whois jd.com -NoForward

get-whois n 128.11.5.98 -server whois.arin.net