PowerShell小技巧之获取域名whois信息_PowerShell

Whois 简单来说,就是一个用来查询域名是否已经被注册,以及注册域名的详细信息的数据库(如域名所有人、域名注册商、域名注册日期和过期日期等)。通过域名Whois服务器查询,可以查询域名归属者联系方式,以及注册和到期时间。通常情况下,whois信息均为真实信息,通过whois信息可以找到域名注册人的很多真实信息,像电话,邮箱,NS记录,是对网站进行社工非常好的信息来源,对于安全从业人员来说,快速获取whois信息,能够帮助自己掌握目标网站的很多有用信息。

而whois信息通常是保存在各级域名注册机构中,平常我们要查询whois信息都是通过godaddy、name.com、万网、新网等域名注册商网站通过查询页面提交域名进行查询,既慢又不能批量查询,太费劲了,这里我就把我珍藏很久的一个PS function贡献给大家,这个脚本支持140多种后缀的域名进行查询,尤其是一些生僻的域,找一个能支持这个域注册的注册商就不容易了,现在你不需要再为这个事情发愁了。

老规矩,先上代码,然后对关键操作进行解释:

=====文件名:Get-whois.ps1=====
 function Get-WhoIs {
<# Author:fuhj(powershell#live.cn ,http://fuhaijun.com)
  # Does a raw WHOIS query and returns the results
  #  The simplest whois search
  #.Example
  #  get-whois dnspod.com
  #
  #  This example is one that forwards to a second whois server ...
  #.Example
  #  get-whois baidu.com -NoForward
  #
  #  Returns the partial results you get when you don't follow forwarding to a new whois server
  #  get-whois n 128.11.5.98 -server whois.arin.net
  #
  #  Does an ip lookup at arin.net
  #>

  [CmdletBinding()]
  param(
    # The query to send to WHOIS servers
    [Parameter(Position=0, ValueFromRemainingArguments=$true)]
    [string]$query,

    # A specific whois server to search
    [string]$server,

    # Disable forwarding to new whois servers
    [switch]$NoForward
  )
  end {
    $TLDs = DATA {
     @{

      ".com"= "whois.verisign-grs.com","whois.crsnic.net"
      ".net"= "whois.verisign-grs.com","whois.crsnic.net"
      ".org"= "whois.pir.org","whois.publicinterestregistry.net"
      ".info"= "whois.afilias.info","whois.afilias.net"
      ".biz"= "whois.neulevel.biz"
      ".us"= "whois.nic.us"
      ".uk"= "whois.nic.uk"
      ".ca"= "whois.cira.ca"
      ".tel"= "whois.nic.tel"
      ".ie"= "whois.iedr.ie","whois.domainregistry.ie"
      ".it"= "whois.nic.it"
      ".li"= "whois.nic.li"
      ".no"= "whois.norid.no"
      ".cc"= "whois.nic.cc"
      ".eu"= "whois.eu"
      ".nu"= "whois.nic.nu"
      ".au"= "whois.aunic.net","whois.ausregistry.net.au"
      ".de"= "whois.denic.de"
      ".ws"= "whois.worldsite.ws","whois.nic.ws","www.nic.ws"
      ".sc"= "whois2.afilias-grs.net"
      ".mobi" = "whois.dotmobiregistry.net"
      ".pro"= "whois.registrypro.pro","whois.registry.pro"
      ".edu"= "whois.educause.net","whois.crsnic.net"
      ".tv"= "whois.nic.tv","tvwhois.verisign-grs.com"
      ".travel"  = "whois.nic.travel"
      ".name" = "whois.nic.name"
      ".in"= "whois.inregistry.net","whois.registry.in"
      ".me"= "whois.nic.me","whois.meregistry.net"
      ".at"= "whois.nic.at"
      ".be"= "whois.dns.be"
      ".cn"= "whois.cnnic.cn","whois.cnnic.net.cn"
      ".edu.cn"="whois.edu.cn"
      ".asia"= "whois.nic.asia"
      ".ru"= "whois.ripn.ru","whois.ripn.net"
      ".ro"= "whois.rotld.ro"
      ".aero" = "whois.aero"
      ".fr"= "whois.nic.fr"
      ".se"= "whois.iis.se","whois.nic-se.se","whois.nic.se"
      ".nl"= "whois.sidn.nl","whois.domain-registry.nl"
      ".nz"= "whois.srs.net.nz","whois.domainz.net.nz"
      ".mx"= "whois.nic.mx"
      ".tw"= "whois.apnic.net","whois.twnic.net.tw"
      ".ch"= "whois.nic.ch"
      ".hk"= "whois.hknic.net.hk"
      ".ac"= "whois.nic.ac"
      ".ae"= "whois.nic.ae"
      ".af"= "whois.nic.af"
      ".ag"= "whois.nic.ag"
      ".al"= "whois.ripe.net"
      ".am"= "whois.amnic.net"
      ".as"= "whois.nic.as"
      ".az"= "whois.ripe.net"
      ".ba"= "whois.ripe.net"
      ".bg"= "whois.register.bg"
      ".bi"= "whois.nic.bi"
      ".bj"= "www.nic.bj"
      ".br"= "whois.nic.br"
      ".br.com"="whois.centralnic.net"
      ".eu.org"="whois.eu.org"
      ".bt"= "whois.netnames.net"
      ".by"= "whois.ripe.net"
      ".bz"= "whois.belizenic.bz"
      ".cd"= "whois.nic.cd"
      ".ck"= "whois.nic.ck"
      ".cl"= "nic.cl"
      ".coop"= "whois.nic.coop"
      ".cx"= "whois.nic.cx"
      ".cy"= "whois.ripe.net"
      ".cz"= "whois.nic.cz"
      ".dk"= "whois.dk-hostmaster.dk"
      ".dm"= "whois.nic.cx"
      ".dz"= "whois.ripe.net"
      ".ee"= "whois.eenet.ee"
      ".eg"= "whois.ripe.net"
      ".es"= "whois.ripe.net"
      ".fi"= "whois.ficora.fi"
      ".fo"= "whois.ripe.net"
      ".gb"= "whois.ripe.net"
      ".ge"= "whois.ripe.net"
      ".gl"= "whois.ripe.net"
      ".gm"= "whois.ripe.net"
      ".gov"= "whois.nic.gov"
      ".gr"= "whois.ripe.net"
      ".gs"= "whois.adamsnames.tc"
      ".hm"= "whois.registry.hm"
      ".hn"= "whois2.afilias-grs.net"
      ".hr"= "whois.ripe.net"
      ".hu"= "whois.ripe.net"
      ".il"= "whois.isoc.org.il"
      ".int"= "whois.isi.edu"
      ".iq"= "vrx.net"
      ".ir"= "whois.nic.ir"
      ".is"= "whois.isnic.is"
      ".je"= "whois.je"
      ".jp"= "whois.jprs.jp"
      ".kg"= "whois.domain.kg"
      ".kr"= "whois.nic.or.kr"
      ".la"= "whois2.afilias-grs.net"
      ".lt"= "whois.domreg.lt"
      ".lu"= "whois.restena.lu"
      ".lv"= "whois.nic.lv"
      ".ly"= "whois.lydomains.com"
      ".ma"= "whois.iam.net.ma"
      ".mc"= "whois.ripe.net"
      ".md"= "whois.nic.md"
      ".mil"= "whois.nic.mil"
      ".mk"= "whois.ripe.net"
      ".ms"= "whois.nic.ms"
      ".mt"= "whois.ripe.net"
      ".mu"= "whois.nic.mu"
      ".my"= "whois.mynic.net.my"
      ".nf"= "whois.nic.cx"
      ".pl"= "whois.dns.pl"
      ".pr"= "whois.nic.pr"
      ".pt"= "whois.dns.pt"
      ".sa"= "saudinic.net.sa"
      ".sb"= "whois.nic.net.sb"
      ".sg"= "whois.nic.net.sg"
      ".sh"= "whois.nic.sh"
      ".si"= "whois.arnes.si"
      ".sk"= "whois.sk-nic.sk"
      ".sm"= "whois.ripe.net"
      ".st"= "whois.nic.st"
      ".su"= "whois.ripn.net"
      ".tc"= "whois.adamsnames.tc"
      ".tf"= "whois.nic.tf"
      ".th"= "whois.thnic.net"
      ".tj"= "whois.nic.tj"
      ".tk"= "whois.nic.tk"
      ".tl"= "whois.domains.tl"
      ".tm"= "whois.nic.tm"
      ".tn"= "whois.ripe.net"
      ".to"= "whois.tonic.to"
      ".tp"= "whois.domains.tl"
      ".tr"= "whois.nic.tr"
      ".ua"= "whois.ripe.net"
      ".uy"= "nic.uy"
      ".uz"= "whois.cctld.uz"
      ".va"= "whois.ripe.net"
      ".vc"= "whois2.afilias-grs.net"
      ".ve"= "whois.nic.ve"
      ".vg"= "whois.adamsnames.tc"
      ".yu"= "whois.ripe.net"
     }
    }

    $EAP, $ErrorActionPreference = $ErrorActionPreference, "Stop"

    $query = $query.Trim()

    if($query -match "(?:\d{1,3}\.){3}\d{1,3}") {
      Write-Verbose "IP Lookup!"
      if($query -notmatch " ") {
        $query = "n $query"
      }
      if(!$server) { $server = "whois.arin.net" }
    } elseif(!$server) {
      $server = $TLDs.GetEnumerator() |
        Where { $query -like ("*"+$_.name) } |
        Select -Expand Value | Get-Random
    }

    if(!$server) { $server = "whois.arin.net" }
    $maxRequery = 3 

    do {
      Write-Verbose "Connecting to $server"
      $client = New-Object System.Net.Sockets.TcpClient $server, 43

      try {
        $stream = $client.GetStream()

        Write-Verbose "Sending Query: $query"
        $data = [System.Text.Encoding]::Ascii.GetBytes( $query + "`r`n" )
        $stream.Write($data, 0, $data.Length)

        Write-Verbose "Reading Response:"
        $reader = New-Object System.IO.StreamReader $stream, [System.Text.Encoding]::ASCII

        $result = $reader.ReadToEnd()

        if($result -match "(?s)Whois Server:\s*(\S+)\s*") {
          Write-Warning "Recommended WHOIS server: ${server}"
          if(!$NoForward) {
            Write-verbose "Non-Authoritative Results:`n${result}"
            # cache, in case we can't get an answer at the forwarder
            if(!$cachedResult) {
              $cachedResult = $result
              $cachedServer = $server
            }
            $server = $matches[1]
            $query = ($query -split " ")[-1]
            $maxRequery--
          } else { $maxRequery = 0 }
        } else { $maxRequery = 0 }
      } finally {
        if($stream) {
          $stream.Close()
          $stream.Dispose()
        }
      }
    } while ($maxRequery -gt 0)

    $result

    if($cachedResult -and ($result -split "`n").count -lt 5) {
      Write-Warning "Original Result from ${cachedServer}:"
      $cachedResult
    }

    $ErrorActionPreference = $EAP
  }
 }

函数里定义了三个参数,两个[string]类型,一个[switch]类型,分别用于接收要进行whois查询的域名,指定whois域名服务器,以及是否允许将查询请求转发到其他域名解析服务器。随后创建了一个枚举值的哈希表,目的是用于存储不同域名后缀和whois服务器的对应关系,因为不同的域名后缀对应的域名信息是存储在不同的服务器上的。需要强调的是像.com、.net、.org、.info这几个注册量特别大的域名后缀指定了多个whois服务器,避免查询量过大无法有效返回结果的问题。

接下来通过New-Object创建一个System.Net.Sockets.TcpClient的TCP对象,连接上面指定的whois服务器的43端口用于查询whois信息,在通过一个System.IO.StreamReader对象接收whois信息返回的数据,并对数据进行解析。除此之外再加上try{}cache{}finally{}进行容错处理,在数据解析是也用到了正则表达式用于匹配目标字符串。

程序的运行方法有如下四种:

get-whois dnspod.com

先看看dnspod在被腾讯收购后有没有更改whois信息,貌似鹅厂没有改过

get-whois jd.com –NoForward

get-whois n 128.11.5.98 -server whois.arin.net

 

以上是小编为您精心准备的的内容,在的博客、问答、公众号、人物、课程等栏目也有的相关内容,欢迎继续使用右上角搜索按钮进行搜索域名
, 获取
, whois
PowerShell小技巧
powershell whois、域名whois查询、域名whois、域名whois查询工具、域名whois批量查询,以便于您获取更多的相关知识。

时间: 2024-09-17 04:28:48

PowerShell小技巧之获取域名whois信息_PowerShell的相关文章

Powershell小技巧之获取当前的时间并转换为时辰_PowerShell

午时三刻已到,行刑,刀下留人,现在到底是不是午时,能否让PowerShell告诉我呢? 好的, 没问题.从晚上23点到凌晨2点之间属于子时,每两个小时一个时辰,依次为"子丑寅卯辰巳午未申酉戌亥". 函数获取当前时辰 用PowerShell脚本实现: function Get-ChinaTimeAlias { param( [ValidateRange(0,23)] [int]$Hour = (get-date).Hour ) $timeAliasArray='子丑寅卯辰巳午未申酉戌亥'

Powershell小技巧之判断是否包涵大小写_PowerShell

使用正则表达式可以检查一个字符中是否包涵一个大写字母: $text1 = 'this is all lower-case' $text2 = 'this is NOT all lower-case' $text1 -cmatch '[A-Z]' $text2 -cmatch '[A-Z]' 结果将返回"true"或"false" 反过来检查是否包含小写,可以尝试这样: $text1 = 'this is all lower-case' $text2 = 'this

Powershell小技巧之去除多余的空格_PowerShell

要去去除多余的空格,请尝试下面正则表达式: PS> '[ Man, it works! ]' -replace '\s{2,}', ' ' [ Man, it works! ] 你也可以用这个方法转换成固定格式的CSV表格: PS> (qprocess) -replace '\s{2,}', ',' >tobias,console,1,3876,taskhostex.exe >tobias,console,1,3844,explorer.exe >tobias,console

Powershell小技巧之使用Update-TypeData扩展类型系统_PowerShell

脚本 Update-TypeData -TypeName 'System.DateTime' -MemberName '时辰' -MemberType 'ScriptProperty' -Value { $timeAliasArray='子丑寅卯辰巳午未申酉戌亥' $hour = $this.Hour [int]$index=0 if($hour -eq 22){ $index=11 } else{ $index=[math]::Floor( ( $hour+1 ) % 23 / 2 ) } r

PowerShell小技巧之使用Hotmail账号发送邮件_PowerShell

在低版本的PowerShell上发送邮件可以借助.NET的system.net.mail.smtpclient类.在高版本的PowerShell中可以借助现成的命令:Send-MailMessage 我在尝试使用Hotmail时,遇到了一个错误: Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The server response was:

PowerShell小技巧之添加远程防火墙规则_PowerShell

接着昨天的场景,虽然将Windows Server 2012 Core的默认控制台设置成了PowerShell,还启用了远程桌面,但是对于Core版本的服务器来讲,远程桌面形同鸡肋,所以我想启用PowerShell远程访问,在服务器上以管理员权限运行: Enable-PSRemoting -Force 在尝试建立远程连接时,提示访问被拒绝,此时可能是防火墙问题:我需要使用PowerShell添加PowerShell远程防火墙规则: New-NetFirewallRule -Name powers

PowerShell小技巧之使用Verb打开程序_PowerShell

假设你经常需要编辑自己的"hosts"文件,这时你也许会手动在记事本中打开它.这个文件只允管理员成员编辑,普通的实例还无法操作. 这段代码它能让你很容易调整权限打开所有程序. function Show-HostsFile { $Path="$env:windir\system32\drivers\etc\hosts" Start-Process -FilePath notepad -ArgumentList $Path -Verb runas } 支持所有PS版本

PowerShell小技巧之同时使用可选强制参数_PowerShell

在下面脚本函数中让可选参数和强制参数必须同时使用. 下面演示当可选参数出现,也必须使用这个强制参数. function Connect-Somewhere { [CmdletBinding(DefaultParameterSetName='A')] param ( [Parameter(ParameterSetName='A',Mandatory=$false)] [Parameter(ParameterSetName='B',Mandatory=$true)] $ComputerName, [

PowerShell小技巧之启动远程桌面连接_PowerShell

以Windows Server 2012 R2为例,其实非常简单.先启用远程连接: (gwmi -class win32_terminalservicesetting -namespace "root\cimv2\terminalservices").setallowtsconnections(1) 然后再启用几条防火墙规则即可,用PowerShell(需要管理员权限)更显其威武: PS> Get-NetFirewallRule -Name RemoteDesktop* | se