Better Whois
whois is a command line tool to look up registration information for domains, things like owner, location, and contact info. WHOIS (all caps) is a protocol for querying databases of domain registration (and other related) information. Each domain registrar is required to maintain a database of the domains they register. I use it fairly often when dealing with spammers and/or looking at other security issues. However, it has a few rough edges that need to be rounded off.
The whois command takes the domain as an argument and spits out some data:
whois stuff-things.net
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: STUFF-THINGS.NET
Registrar: NETWORK SOLUTIONS, LLC.
Sponsoring Registrar IANA ID: 2
Whois Server: whois.networksolutions.com
Referral URL: http://networksolutions.com
[...]
There are lots of ways to get this information in the browser as well, without the 50+ lines of disclaimers and terms of use, but it’s muscle memory for me.
The first trick for whois is to use a smarter server. By default whois checks the WHOIS server for the top-level domain, i.e. for apple.com, it checks with com.whois-servers.net. That server knows about all of the *.com domains, but it doesn’t necessarily have detailed information about them. Who holds the details depends on what registrar was used. Getting the details often requires a recursive lookup, but, while WHOIS returns the name of the server to query, whois doesn’t support recursion.
Fortunately, someone has built a smart WHOIS server. geektools.com is a proxy that supports the WHOIS protocol, but automatically handles the recursion itself. We can tell whois to use this server with the -h option and make a function:
function whois() { /usr/bin/whois -h geektools.com "$@"; }
One issue down. However, my biggest annoyance is that what I tend to be looking up is domains I copied from my browser’s search bar. While no modern browser displays the leading “http://”, they all include it in the cut buffer when the domain is copied (“https://” is normally shown). I copy the domain, paste it onto the command line and have to edit it, usually after I’ve already hit enter. We’ll fix this with a little shell magic.
BASH has a modifier to remove substrings from the front of variables. The form is ${foo#substring} where foo is the variable and substring is what gets removed. So:
foo=http://apple.com
echo ${foo#http://}
apple.com
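However, this will not strip a leading https. Fortunately, we can use BASH’s pattern matching to make it more flexible. The ?(...) form is an extended glob, so it only works once extended globbing has been enabled with shopt -s extglob:
shopt -s extglob
foo=http://apple.com
echo ${foo#http?(s)://}
apple.com
foo=https://google.com
echo ${foo#http?(s)://}
google.com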
?(s) is BASH speak for “match zero or one occurrence of the given pattern (here s)”. It’s the equivalent of the regexp /s?/.
With this our function becomes:
function whois() { /usr/bin/whois -h geektools.com "${@##http?(s)://}"; }
and our rough edges are gone!
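A stricter take on the same wrapper, as an added example that is not part of the original post and goes beyond stripping http(s)://. The helper name url_to_domain is hypothetical; it also drops the path, port and userinfo from a pasted URL and refuses anything that is not a plain hostname, including a leading "-" that whois would read as an option. It uses only POSIX parameter expansion, so extglob is not needed.

```bash
# url_to_domain: hypothetical helper, not from the original post.
# Prints the bare lowercase hostname of a pasted URL, or returns 1.
url_to_domain() {
    local d scheme
    d=$1
    # Strip "scheme://" only when it really is a leading scheme, so a
    # "://" buried in a query string does not redirect the lookup.
    scheme=${d%%://*}
    case $scheme in
        "$d") ;;                     # no "://" present
        ''|*[!A-Za-z0-9+.-]*) ;;     # "://" appears later in the string
        *) d=${d#*://} ;;
    esac
    d=${d%%[/?#]*}                   # drop path, query, fragment
    d=${d##*@}                       # drop user:password@
    d=${d%%:*}                       # drop :port
    d=${d%.}                         # drop a trailing root dot
    d=$(printf '%s' "$d" | tr 'A-Z' 'a-z')
    # Only hostname characters survive; a leading "-" would otherwise be
    # parsed by whois as a command line option.
    case $d in
        ''|-*|.*|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$d"
}

# Same wrapper as in the post, but every argument is validated first.
whois() {
    local arg domain
    for arg in "$@"; do
        domain=$(url_to_domain "$arg") || {
            echo "whois: not a domain: $arg" >&2
            return 2
        }
        /usr/bin/whois -h geektools.com "$domain"
    done
}
```

Unlike the one-liner, this version treats every argument as a domain, so options such as -h can no longer be passed through the function.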