• Getting a domain's WHOIS information with PowerShell


    WHOIS, put simply, is a database for checking whether a domain name is already registered and for looking up its registration details (registrant, registrar, registration and expiry dates, and so on). Querying the WHOIS server for a domain returns the holder's contact details together with the registration and expiry times. This information is often accurate, so a WHOIS record can expose a lot about the registrant (phone number, email address, NS records), which makes it a very good source for social engineering against a site, and for security practitioners a quick way to collect useful information about a target. Two caveats worth remembering: many registrars sell privacy/proxy services that replace the registrant's details with the proxy's, and the thin registries (historically .com and .net) hold only a referral to the registrar, so the full record lives on the registrar's own WHOIS server (the function below follows that referral).

    WHOIS data is held by the registry of each suffix, and normally we look it up through a registrar's web page (GoDaddy, name.com, HiChina/万网, Xinnet/新网 and so on) by submitting one domain at a time, which is slow and cannot be batched. So here is a PowerShell function I have kept for a long time: it queries more than 140 domain suffixes directly over the WHOIS protocol on port 43, including obscure ones for which even finding a registrar that supports them is hard. You no longer need to worry about that.

    As usual, the code first, then an explanation of the key operations:

            =====文件名:Get-whois.ps1=====
     function Get-WhoIs {
    <# Author:fuhj(powershell#live.cn ,http://fuhaijun.com)  
        # Does a raw WHOIS query and returns the results
        #   The simplest whois search
        #.Example
        #   get-whois dnspod.com
        #
        #   This example is one that forwards to a second whois server ...
        #.Example
        #   get-whois baidu.com -NoForward
        #
        #   Returns the partial results you get when you don't follow forwarding to a new whois server
        #   get-whois n 128.11.5.98 -server whois.arin.net
        # 
        #   Does an ip lookup at arin.net
        #>
    
    
        [CmdletBinding()]
        param(
            # The query to send to WHOIS servers
            [Parameter(Position=0, ValueFromRemainingArguments=$true)]
            [string]$query,
    
            # A specific whois server to search
            [string]$server,
    
            # Disable forwarding to new whois servers
            [switch]$NoForward
        )
        end {
            $TLDs = DATA {
              @{
    
                ".com"=  "whois.verisign-grs.com","whois.crsnic.net"
                ".net"=  "whois.verisign-grs.com","whois.crsnic.net"
                ".org"=  "whois.pir.org","whois.publicinterestregistry.net"
                ".info"=  "whois.afilias.info","whois.afilias.net"
                ".biz"=  "whois.neulevel.biz"
                ".us"=  "whois.nic.us"
                ".uk"=  "whois.nic.uk"
                ".ca"=  "whois.cira.ca"
                ".tel"=  "whois.nic.tel"
                ".ie"=  "whois.iedr.ie","whois.domainregistry.ie"
                ".it"=  "whois.nic.it"
                ".li"=  "whois.nic.li"
                ".no"=  "whois.norid.no"
                ".cc"=  "whois.nic.cc"
                ".eu"=  "whois.eu"
                ".nu"=  "whois.nic.nu"
                ".au"=  "whois.aunic.net","whois.ausregistry.net.au"
                ".de"=  "whois.denic.de"
                ".ws"=  "whois.worldsite.ws","whois.nic.ws","www.nic.ws"
                ".sc"=  "whois2.afilias-grs.net"
                ".mobi"  =  "whois.dotmobiregistry.net"
                ".pro"=  "whois.registrypro.pro","whois.registry.pro"
                ".edu"=  "whois.educause.net","whois.crsnic.net"
                ".tv"=  "whois.nic.tv","tvwhois.verisign-grs.com"
                ".travel"    =  "whois.nic.travel"
                ".name"  =  "whois.nic.name"
                ".in"=  "whois.inregistry.net","whois.registry.in"
                ".me"=  "whois.nic.me","whois.meregistry.net"
                ".at"=  "whois.nic.at"
                ".be"=  "whois.dns.be"
                ".cn"=  "whois.cnnic.cn","whois.cnnic.net.cn"
                ".edu.cn"="whois.edu.cn"
                ".asia"=  "whois.nic.asia"
                ".ru"=  "whois.ripn.ru","whois.ripn.net"
                ".ro"=  "whois.rotld.ro"
                ".aero"  =  "whois.aero"
                ".fr"=  "whois.nic.fr"
                ".se"=  "whois.iis.se","whois.nic-se.se","whois.nic.se"
                ".nl"=  "whois.sidn.nl","whois.domain-registry.nl"
                ".nz"=  "whois.srs.net.nz","whois.domainz.net.nz"
                ".mx"=  "whois.nic.mx"
                ".tw"=  "whois.apnic.net","whois.twnic.net.tw"
                ".ch"=  "whois.nic.ch"
                ".hk"=  "whois.hknic.net.hk"
                ".ac"=  "whois.nic.ac"
                ".ae"=  "whois.nic.ae"
                ".af"=  "whois.nic.af"
                ".ag"=  "whois.nic.ag"
                ".al"=  "whois.ripe.net"
                ".am"=  "whois.amnic.net"
                ".as"=  "whois.nic.as"
                ".az"=  "whois.ripe.net"
                ".ba"=  "whois.ripe.net"
                ".bg"=  "whois.register.bg"
                ".bi"=  "whois.nic.bi"
                ".bj"=  "www.nic.bj"
                ".br"=  "whois.nic.br"
                ".br.com"="whois.centralnic.net"
                ".eu.org"="whois.eu.org"
                ".bt"=  "whois.netnames.net"
                ".by"=  "whois.ripe.net"
                ".bz"=  "whois.belizenic.bz"
                ".cd"=  "whois.nic.cd"
                ".ck"=  "whois.nic.ck"
                ".cl"=  "nic.cl"
                ".coop"=  "whois.nic.coop"
                ".cx"=  "whois.nic.cx"
                ".cy"=  "whois.ripe.net"
                ".cz"=  "whois.nic.cz"
                ".dk"=  "whois.dk-hostmaster.dk"
                ".dm"=  "whois.nic.cx"
                ".dz"=  "whois.ripe.net"
                ".ee"=  "whois.eenet.ee"
                ".eg"=  "whois.ripe.net"
                ".es"=  "whois.ripe.net"
                ".fi"=  "whois.ficora.fi"
                ".fo"=  "whois.ripe.net"
                ".gb"=  "whois.ripe.net"
                ".ge"=  "whois.ripe.net"
                ".gl"=  "whois.ripe.net"
                ".gm"=  "whois.ripe.net"
                ".gov"=  "whois.nic.gov"
                ".gr"=  "whois.ripe.net"
                ".gs"=  "whois.adamsnames.tc"
                ".hm"=  "whois.registry.hm"
                ".hn"=  "whois2.afilias-grs.net"
                ".hr"=  "whois.ripe.net"
                ".hu"=  "whois.ripe.net"
                ".il"=  "whois.isoc.org.il"
                ".int"=  "whois.isi.edu"
                ".iq"=  "vrx.net"
                ".ir"=  "whois.nic.ir"
                ".is"=  "whois.isnic.is"
                ".je"=  "whois.je"
                ".jp"=  "whois.jprs.jp"
                ".kg"=  "whois.domain.kg"
                ".kr"=  "whois.nic.or.kr"
                ".la"=  "whois2.afilias-grs.net"
                ".lt"=  "whois.domreg.lt"
                ".lu"=  "whois.restena.lu"
                ".lv"=  "whois.nic.lv"
                ".ly"=  "whois.lydomains.com"
                ".ma"=  "whois.iam.net.ma"
                ".mc"=  "whois.ripe.net"
                ".md"=  "whois.nic.md"
                ".mil"=  "whois.nic.mil"
                ".mk"=  "whois.ripe.net"
                ".ms"=  "whois.nic.ms"
                ".mt"=  "whois.ripe.net"
                ".mu"=  "whois.nic.mu"
                ".my"=  "whois.mynic.net.my"
                ".nf"=  "whois.nic.cx"
                ".pl"=  "whois.dns.pl"
                ".pr"=  "whois.nic.pr"
                ".pt"=  "whois.dns.pt"
                ".sa"=  "saudinic.net.sa"
                ".sb"=  "whois.nic.net.sb"
                ".sg"=  "whois.nic.net.sg"
                ".sh"=  "whois.nic.sh"
                ".si"=  "whois.arnes.si"
                ".sk"=  "whois.sk-nic.sk"
                ".sm"=  "whois.ripe.net"
                ".st"=  "whois.nic.st"
                ".su"=  "whois.ripn.net"
                ".tc"=  "whois.adamsnames.tc"
                ".tf"=  "whois.nic.tf"
                ".th"=  "whois.thnic.net"
                ".tj"=  "whois.nic.tj"
                ".tk"=  "whois.nic.tk"
                ".tl"=  "whois.domains.tl"
                ".tm"=  "whois.nic.tm"
                ".tn"=  "whois.ripe.net"
                ".to"=  "whois.tonic.to"
                ".tp"=  "whois.domains.tl"
                ".tr"=  "whois.nic.tr"
                ".ua"=  "whois.ripe.net"
                ".uy"=  "nic.uy"
                ".uz"=  "whois.cctld.uz"
                ".va"=  "whois.ripe.net"
                ".vc"=  "whois2.afilias-grs.net"
                ".ve"=  "whois.nic.ve"
                ".vg"=  "whois.adamsnames.tc"
                ".yu"=  "whois.ripe.net"
              }
            }
    
            $EAP, $ErrorActionPreference = $ErrorActionPreference, "Stop"
    
            $query = $query.Trim()
    
            # An IPv4 address goes to ARIN; "n " asks ARIN for a network lookup
            if($query -match "(?:\d{1,3}\.){3}\d{1,3}") {
                Write-Verbose "IP Lookup!"
                if($query -notmatch " ") {
                    $query = "n $query"
                }
                if(!$server) { $server = "whois.arin.net" }
            } elseif(!$server) {
                # Take the longest suffix that matches (so .edu.cn wins over .cn and
                # .br.com over .com), then one of its servers at random to spread load
                $server = $TLDs.GetEnumerator() |
                    Where { $query -like  ("*"+$_.name) } |
                    Sort { $_.name.Length } -Descending |
                    Select -First 1 -Expand Value | Get-Random
            }
    
            if(!$server) { $server = "whois.arin.net" }
            $maxRequery = 3 
    
            do {
                Write-Verbose "Connecting to $server"
                $client = $null
                $stream = $null
    
                try {
                    $client = New-Object System.Net.Sockets.TcpClient $server, 43
                    $stream = $client.GetStream()
    
                    # The WHOIS protocol is just the query followed by CRLF
                    Write-Verbose "Sending Query: $query"
                    $data = [System.Text.Encoding]::ASCII.GetBytes( $query + "`r`n" )
                    $stream.Write($data, 0, $data.Length)
    
                    # The server answers and closes the connection, so read to EOF
                    Write-Verbose "Reading Response:"
                    $reader = New-Object System.IO.StreamReader $stream, [System.Text.Encoding]::ASCII
    
                    $result = $reader.ReadToEnd()
    
                    # A thin registry (e.g. .com) only names the registrar's server;
                    # follow that referral unless -NoForward was given
                    if($result -match "(?s)Whois Server:\s*(\S+)\s*") {
                        Write-Warning "Recommended WHOIS server: $($matches[1])"
                        if(!$NoForward) {
                            Write-Verbose "Non-Authoritative Results:`n${result}"
                            # cache, in case we can't get an answer at the forwarder
                            if(!$cachedResult) {
                                $cachedResult = $result
                                $cachedServer = $server
                            }
                            $server = $matches[1]
                            # drop any "n " prefix before re-querying the registrar
                            $query = ($query -split " ")[-1]
                            $maxRequery--
                        } else { $maxRequery = 0 }
                    } else { $maxRequery = 0 }
                } finally {
                    if($stream) {
                        $stream.Close()
                        $stream.Dispose()
                    }
                    if($client) { $client.Close() }
                }
            } while ($maxRequery -gt 0)
    
            $result
    
            # If the registrar's server gave us almost nothing, show the registry's answer too
            if($cachedResult -and ($result -split "`n").count -lt 5) {
                Write-Warning "Original Result from ${cachedServer}:"
                $cachedResult
            }
    
            $ErrorActionPreference = $EAP
        }
     }

    The function defines three parameters, two of type [string] and one [switch]. They receive, respectively, the domain to look up, a specific WHOIS server to query, and (with -NoForward) whether forwarding of the query to another WHOIS server is disabled. Next a hashtable is built inside a DATA block; it stores the mapping from domain suffix to WHOIS server, because the registration data for each suffix is held on a different registry server. Note that the suffixes with very large registration counts, .com, .net, .org and .info, list more than one WHOIS server; the function picks one of them at random, so queries are spread across the servers instead of all hitting one host.

    Next, New-Object creates a System.Net.Sockets.TcpClient and connects to port 43 on the chosen WHOIS server; the query is written to the socket as ASCII followed by CRLF, and a System.IO.StreamReader reads the reply until the server closes the connection. The socket work is wrapped in try { } finally { } so the stream is always closed, and $ErrorActionPreference is set to Stop for the duration of the call so that a failed connection is a terminating error rather than a silent null. Regular expressions do the parsing: one decides whether the query is an IPv4 address (in which case the lookup goes to whois.arin.net, with ARIN's "n" prefix added), and another looks for a "Whois Server:" referral in the response. When a thin registry such as .com returns one, the function re-queries the registrar's server, for a bounded number of hops (the $maxRequery counter), unless -NoForward was given; the first, partial result is cached and printed as well if the forwarded server returns fewer than five lines.
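    The function returns the raw text of the reply, which is fine for a single lookup but awkward for the batch use this post is about. The following is an added example, not code from the original post: it pulls the "Label: value" lines of a reply into an object (registrar, creation and expiry dates, name servers, every email address in the record, and the registrar referral that the forwarding logic keys on) and wraps Get-WhoIs so that a list of domains produces a table you can export to CSV. It assumes Get-whois.ps1 has been dot-sourced in the session; the labels it picks out are the ones Verisign-style .com/.net replies use (other registries word them differently), and the sample reply at the bottom is constructed so the parser can be tried without a network connection.

```powershell
# Added example: parse raw WHOIS text into an object and run batch lookups.
# Assumes Get-WhoIs from Get-whois.ps1 has been dot-sourced:  . .\Get-whois.ps1

function ConvertFrom-WhoIsText {
    param([Parameter(ValueFromPipeline=$true)][string]$Text)
    process {
        # Most registries emit "Label: value" lines; collect every label and keep
        # repeated ones (Name Server appears once per host) as arrays.
        $fields = [ordered]@{}
        foreach ($line in $Text -split "`r?`n") {
            if ($line -match '^\s*([A-Za-z][A-Za-z0-9 /_-]*?):\s*(\S.*?)\s*$') {
                $k = $matches[1].Trim(); $v = $matches[2]
                if ($fields.Contains($k)) { $fields[$k] = @($fields[$k]) + $v }
                else                       { $fields[$k] = $v }
            }
        }
        # Normalise the handful of labels recon usually cares about. The label
        # names are an assumption based on Verisign-style .com/.net output.
        $ns = @($fields['Name Server']) | Where-Object { $_ } |
              ForEach-Object { $_.ToLower() } | Sort-Object -Unique
        $mail = [regex]::Matches($Text, '[\w.+-]+@[\w-]+(\.[\w-]+)+') |
                ForEach-Object { $_.Value.ToLower() } | Sort-Object -Unique
        [pscustomobject]@{
            Domain      = $fields['Domain Name']
            Registrar   = $fields['Registrar']
            Created     = $fields['Creation Date']
            Expires     = $fields['Registry Expiry Date']
            NameServers = @($ns) -join ' '
            Emails      = @($mail) -join ' '
            Referral    = $fields['Registrar WHOIS Server']   # what Get-WhoIs follows
        }
    }
}

function Get-WhoIsReport {
    param([Parameter(ValueFromPipeline=$true)][string[]]$Domain)
    process {
        foreach ($d in $Domain) {
            try {
                # Network call to port 43; warnings about referrals are silenced here
                $raw = Get-WhoIs $d -WarningAction SilentlyContinue | Out-String
                $obj = ConvertFrom-WhoIsText $raw
                if (-not $obj.Domain) { $obj.Domain = $d }
                $obj
            } catch { Write-Warning "$d : $_" }
            Start-Sleep -Milliseconds 500   # registries rate-limit port 43; be polite
        }
    }
}

# Constructed sample reply (not a real query result) to exercise the parser offline
$sample = @"
   Domain Name: EXAMPLE.COM
   Registrar WHOIS Server: whois.example-registrar.test
   Registrar: Example Registrar, Inc.
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2025-08-13T04:00:00Z
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   Registrar Abuse Contact Email: abuse@example-registrar.test
   >>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"@
ConvertFrom-WhoIsText $sample | Format-List

# Batch use (needs network): one row per domain, ready to pivot on registrar or expiry
# 'dnspod.com','jd.com' | Get-WhoIsReport | Export-Csv whois-report.csv -NoTypeInformation
```

    The email extraction is deliberately applied to the whole reply rather than to one label, because registrant, admin and abuse addresses appear under different labels at different registrars; the half-second pause between queries matters in practice, since most port-43 servers block a source that hammers them.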

    The function can be run in the following three ways (the original post showed a screenshot of the output after each command):

    get-whois dnspod.com

    First, let's see whether dnspod changed its WHOIS information after Tencent acquired it; apparently Tencent has not changed it.

    (screenshot of the dnspod.com output)

    get-whois jd.com -NoForward

    (screenshot of the jd.com output with -NoForward)

    get-whois n 128.11.5.98 -server whois.arin.net

    (screenshot of the ARIN output)

    Author: 付海军 (Fu Haijun)
    Source: http://fuhj02.cnblogs.com
    Copyright: this article is jointly owned by the author and 博客园 (cnblogs)
    Reposting: reposts are welcome; to keep the author motivated, please follow the [repost] requirements, thank you
    Requirements: without the author's consent this notice must be kept and a link to the original must be given in the article; otherwise legal action will be pursued
    Personal site: http://www.fuhaijun.com/

  • Original URL: https://www.cnblogs.com/fuhj02/p/4010349.html