Better Whois

February 1, 2017 2 minute read

whois is a command line tool to look up registration information for domains, things like owner, location, and contact info. WHOIS (all caps) is a protocol for querying databases of domain registration (and other related) information. Each domain registrar is required to maintain a database of the domains they register. I use it fairly often when dealing with spammers and or looking at other security issues. However, it has a few rough edges that need to be rounded off. The whois command takes the domain as argument and spits out some data:

whois stuff-thing.net

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: STUFF-THINGS.NET
   Registrar: NETWORK SOLUTIONS, LLC.
   Sponsoring Registrar IANA ID: 2
   Whois Server: whois.networksolutions.com
   Referral URL: http://networksolutions.com
[...]

There are lots of ways to get this information the browser as well, without the 50+ lines of disclaimers and terms of use, but it’s muscle memory for me.

The first trick for whois is to use a smarter server. By default whois checks WHOIS server for the top-level domain i.e. for apple.com, it check’s with com.whois-servers.net. That server knows about all of the *.com domains, but it doesn’t necessary have detailed information about them. Who holds the details depend on what registrar was used. Getting the details often requires a recursive look up, but, while WHOIS returns the name of the server to query, whois doesn’t support recursion.

Fortunately, someone has built a smart WHOIS server. geektools.com is a proxy that supports the WHOIS protocol, but automatically handles the recursion itself. We can tell whois to use this server with the -h option and make a function:

function whois() { /usr/bin/whois -h geektools.com $@}

One issue down, however my biggest annoyance is the what I tend to be looking up is domains I copied from my browser’s search bar. While no modern browses displays the leading “http://”, the all include it in the cut buffer when the domain is copied (“https://” is normally shown). I copy the domain, paste it on to the command line and have to edit it, usually after I’ve already hit enter. We’ll fix this with a little shell magic.

BASH has a modifier to remove substrings from the front of variables. The form is ${foo#substring} where foo is the variable and substring is what gets removed. So:

foo=http://apple.com
echo ${foo#http://}
apple.com

However, this will not strip a leading https. Fortunately, we can use BASH’s pattern matching to make it more flexible:

foo=http://apple.com
echo ${foo#http?(s)://}
apple.com
foo=https://google.com
echo ${foo#http?(s)://}
google.com

?(s) is BASH speak for “match zero or one occurrence of the given pattern (here s)”. It’s the equivalent of the Regexp /s?/.

With this our function becomes:

function whois() { /usr/bin/whois -h geektools.com ${@##http?(s)://}; }

and our rough edges are gone!

Twitter Facebook LinkedIn

Spike

Better Whois

Comments

You May Also Enjoy

Mermaid Diagramming in Jekyll in 2025

Using Solid Queue in Development with Docker and on Heroku

Taking the Pain Out of PHP Development with Docker Compose

Building Emacs 27.1 on macOS Big Sur