Better Whois
whois is a command line tool to look up registration information for domains, things like owner, location, and contact info. WHOIS (all caps) is a protocol for querying databases of domain registration (and other related) information. Each domain registrar is required to maintain a database of the domains they register. I use it fairly often when dealing with spammers and/or looking at other security issues. However, it has a few rough edges that need to be rounded off.
The whois command takes the domain as an argument and spits out some data:
There are lots of ways to get this information in the browser as well, without the 50+ lines of disclaimers and terms of use, but it’s muscle memory for me.
The first trick for whois is to use a smarter server. By default whois checks the WHOIS server for the top-level domain, i.e. for apple.com, it checks with com.whois-servers.net. That server knows about all of the *.com domains, but it doesn’t necessarily have detailed information about them. Who holds the details depends on what registrar was used. Getting the details often requires a recursive lookup, but, while WHOIS returns the name of the server to query, whois doesn’t support recursion.
Fortunately, someone has built a smart WHOIS server. geektools.com is a proxy that supports the WHOIS protocol, but automatically handles the recursion itself. We can tell whois to use this server with the -h option and make a function:
One issue down. However, my biggest annoyance is that what I tend to be looking up is domains I copied from my browser’s search bar. While no modern browser displays the leading “http://”, they all include it in the cut buffer when the domain is copied (“https://” is normally shown). I copy the domain, paste it onto the command line and have to edit it, usually after I’ve already hit enter. We’ll fix this with a little shell magic.
BASH has a modifier to remove substrings from the front of variables. The form is ${foo#substring} where foo is the variable and substring is what gets removed. So:
However, this will not strip a leading https. Fortunately, we can use BASH’s pattern matching to make it more flexible:
?(s) is BASH speak for “match zero or one occurrence of the given pattern (here s)”. It’s the equivalent of the Regexp /s?/.
With this our function becomes:
and our rough edges are gone!
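The function described above, written out as an added example (this is not the post's original code). It applies the ${1#http?(s)://} strip and the -h option, and goes a little further: it drops any path, port or userinfo and rejects input that is not a plain host name, so a pasted string starting with "-" is never handed to whois as an option. The names bwhois, clean_domain and WHOIS_SERVER are hypothetical, and using geektools.com as the exact server name is an assumption based on the text above.

```bash
#!/usr/bin/env bash
# Added example, not the original post's code.

# ?(s) is an extended glob: it only works with extglob switched on,
# so enable it before the functions below are parsed.
shopt -s extglob

# Assumption: server name as given in the post's text; override via the environment.
WHOIS_SERVER="${WHOIS_SERVER:-geektools.com}"

# clean_domain (hypothetical helper): reduce a pasted URL to a bare host name.
# Prints the host name and returns 0, or prints nothing and returns 1.
clean_domain() {
    local d="$1"
    local re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    d="${d#http?(s)://}"   # strip a leading http:// or https://
    d="${d%%[/?#]*}"       # drop path, query string and fragment
    d="${d##*@}"           # drop userinfo (user:pass@)
    d="${d%%:*}"           # drop :port
    d="${d%.}"             # drop a trailing root dot
    # Only letters, digits, dots and hyphens, and never a leading "-":
    # anything else could be read by whois as an option or a second argument.
    [[ "$d" =~ $re ]] || return 1
    printf '%s\n' "$d"
}

# bwhois (hypothetical name): look up the cleaned domain via the recursive proxy.
bwhois() {
    local domain
    if ! domain="$(clean_domain "$1")"; then
        echo "bwhois: not a domain name: $1" >&2
        return 2
    fi
    command whois -h "$WHOIS_SERVER" "$domain"
}
```

Source this from ~/.bashrc and call it as bwhois https://apple.com/.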