In short, WHOIS is a database for checking whether a domain name has already been registered and for retrieving the details of a registration (registrant, registrar, registration and expiry dates, and so on). Querying a domain's WHOIS server returns the holder's contact details together with the registration and expiry dates. Historically these fields were filled in truthfully, so a WHOIS record yields phone numbers, e-mail addresses and NS records, which makes it a very good source for social engineering against a site, and for a security practitioner, being able to pull WHOIS quickly helps build a picture of the target. Bear in mind that registrars now commonly substitute privacy-proxy contacts or redact registrant fields, so treat what comes back as a lead to verify rather than ground truth.
WHOIS data is held by the registries and registrars at each level, and the usual way to query it is to submit a domain on the lookup page of a registrar such as GoDaddy, Name.com, HiChina (万网) or Xinnet (新网). That is slow and cannot be done in bulk, so here is a PowerShell function I have kept around for a long time. It knows the WHOIS servers for more than 140 suffixes, including obscure ones where even finding a registrar that supports the suffix is a chore, so you no longer need to worry about that.
As usual, the code first, then an explanation of the key steps:
===== Filename: Get-whois.ps1 =====
function Get-WhoIs {
<#
.SYNOPSIS
    Does a raw WHOIS query over TCP port 43 and returns the results.
.DESCRIPTION
    Picks a WHOIS server from the built-in suffix table (or ARIN for IP addresses),
    sends the query and, unless -NoForward is given, follows the "Whois Server:" referral
    to the registrar's own server, which holds the detailed registrant record.
.EXAMPLE
    Get-WhoIs dnspod.com

    The simplest whois search. This one forwards to a second whois server.
.EXAMPLE
    Get-WhoIs baidu.com -NoForward

    Returns the partial results you get when you don't follow forwarding to a new whois server.
.EXAMPLE
    Get-WhoIs n 128.11.5.98 -server whois.arin.net

    Does an IP lookup at arin.net.
.NOTES
    Author: fuhj (powershell#live.cn, http://fuhaijun.com)
#>
    [CmdletBinding()]
    param(
        # The query to send to WHOIS servers (a domain name, or an IP address)
        [Parameter(Position=0, ValueFromRemainingArguments=$true)]
        [string]$query,
        # A specific whois server to search; otherwise chosen from the suffix table
        [string]$server,
        # Disable forwarding to the whois server named in the first response
        [switch]$NoForward
    )
    end {
        # Suffix -> whois server(s). Where several are listed, one is picked at random per query.
        $TLDs = DATA {
            @{
            ".com"    = "whois.verisign-grs.com", "whois.crsnic.net"
            ".net"    = "whois.verisign-grs.com", "whois.crsnic.net"
            ".org"    = "whois.pir.org", "whois.publicinterestregistry.net"
            ".info"   = "whois.afilias.info", "whois.afilias.net"
            ".biz"    = "whois.neulevel.biz"
            ".us"     = "whois.nic.us"
            ".uk"     = "whois.nic.uk"
            ".ca"     = "whois.cira.ca"
            ".tel"    = "whois.nic.tel"
            ".ie"     = "whois.iedr.ie", "whois.domainregistry.ie"
            ".it"     = "whois.nic.it"
            ".li"     = "whois.nic.li"
            ".no"     = "whois.norid.no"
            ".cc"     = "whois.nic.cc"
            ".eu"     = "whois.eu"
            ".nu"     = "whois.nic.nu"
            ".au"     = "whois.aunic.net", "whois.ausregistry.net.au"
            ".de"     = "whois.denic.de"
            ".ws"     = "whois.worldsite.ws", "whois.nic.ws", "www.nic.ws"
            ".sc"     = "whois2.afilias-grs.net"
            ".mobi"   = "whois.dotmobiregistry.net"
            ".pro"    = "whois.registrypro.pro", "whois.registry.pro"
            ".edu"    = "whois.educause.net", "whois.crsnic.net"
            ".tv"     = "whois.nic.tv", "tvwhois.verisign-grs.com"
            ".travel" = "whois.nic.travel"
            ".name"   = "whois.nic.name"
            ".in"     = "whois.inregistry.net", "whois.registry.in"
            ".me"     = "whois.nic.me", "whois.meregistry.net"
            ".at"     = "whois.nic.at"
            ".be"     = "whois.dns.be"
            ".cn"     = "whois.cnnic.cn", "whois.cnnic.net.cn"
            ".edu.cn" = "whois.edu.cn"
            ".asia"   = "whois.nic.asia"
            ".ru"     = "whois.ripn.ru", "whois.ripn.net"
            ".ro"     = "whois.rotld.ro"
            ".aero"   = "whois.aero"
            ".fr"     = "whois.nic.fr"
            ".se"     = "whois.iis.se", "whois.nic-se.se", "whois.nic.se"
            ".nl"     = "whois.sidn.nl", "whois.domain-registry.nl"
            ".nz"     = "whois.srs.net.nz", "whois.domainz.net.nz"
            ".mx"     = "whois.nic.mx"
            ".tw"     = "whois.apnic.net", "whois.twnic.net.tw"
            ".ch"     = "whois.nic.ch"
            ".hk"     = "whois.hknic.net.hk"
            ".ac"     = "whois.nic.ac"
            ".ae"     = "whois.nic.ae"
            ".af"     = "whois.nic.af"
            ".ag"     = "whois.nic.ag"
            ".al"     = "whois.ripe.net"
            ".am"     = "whois.amnic.net"
            ".as"     = "whois.nic.as"
            ".az"     = "whois.ripe.net"
            ".ba"     = "whois.ripe.net"
            ".bg"     = "whois.register.bg"
            ".bi"     = "whois.nic.bi"
            ".bj"     = "www.nic.bj"
            ".br"     = "whois.nic.br"
            ".br.com" = "whois.centralnic.net"
            ".eu.org" = "whois.eu.org"
            ".bt"     = "whois.netnames.net"
            ".by"     = "whois.ripe.net"
            ".bz"     = "whois.belizenic.bz"
            ".cd"     = "whois.nic.cd"
            ".ck"     = "whois.nic.ck"
            ".cl"     = "nic.cl"
            ".coop"   = "whois.nic.coop"
            ".cx"     = "whois.nic.cx"
            ".cy"     = "whois.ripe.net"
            ".cz"     = "whois.nic.cz"
            ".dk"     = "whois.dk-hostmaster.dk"
            ".dm"     = "whois.nic.cx"
            ".dz"     = "whois.ripe.net"
            ".ee"     = "whois.eenet.ee"
            ".eg"     = "whois.ripe.net"
            ".es"     = "whois.ripe.net"
            ".fi"     = "whois.ficora.fi"
            ".fo"     = "whois.ripe.net"
            ".gb"     = "whois.ripe.net"
            ".ge"     = "whois.ripe.net"
            ".gl"     = "whois.ripe.net"
            ".gm"     = "whois.ripe.net"
            ".gov"    = "whois.nic.gov"
            ".gr"     = "whois.ripe.net"
            ".gs"     = "whois.adamsnames.tc"
            ".hm"     = "whois.registry.hm"
            ".hn"     = "whois2.afilias-grs.net"
            ".hr"     = "whois.ripe.net"
            ".hu"     = "whois.ripe.net"
            ".il"     = "whois.isoc.org.il"
            ".int"    = "whois.isi.edu"
            ".iq"     = "vrx.net"
            ".ir"     = "whois.nic.ir"
            ".is"     = "whois.isnic.is"
            ".je"     = "whois.je"
            ".jp"     = "whois.jprs.jp"
            ".kg"     = "whois.domain.kg"
            ".kr"     = "whois.nic.or.kr"
            ".la"     = "whois2.afilias-grs.net"
            ".lt"     = "whois.domreg.lt"
            ".lu"     = "whois.restena.lu"
            ".lv"     = "whois.nic.lv"
            ".ly"     = "whois.lydomains.com"
            ".ma"     = "whois.iam.net.ma"
            ".mc"     = "whois.ripe.net"
            ".md"     = "whois.nic.md"
            ".mil"    = "whois.nic.mil"
            ".mk"     = "whois.ripe.net"
            ".ms"     = "whois.nic.ms"
            ".mt"     = "whois.ripe.net"
            ".mu"     = "whois.nic.mu"
            ".my"     = "whois.mynic.net.my"
            ".nf"     = "whois.nic.cx"
            ".pl"     = "whois.dns.pl"
            ".pr"     = "whois.nic.pr"
            ".pt"     = "whois.dns.pt"
            ".sa"     = "saudinic.net.sa"
            ".sb"     = "whois.nic.net.sb"
            ".sg"     = "whois.nic.net.sg"
            ".sh"     = "whois.nic.sh"
            ".si"     = "whois.arnes.si"
            ".sk"     = "whois.sk-nic.sk"
            ".sm"     = "whois.ripe.net"
            ".st"     = "whois.nic.st"
            ".su"     = "whois.ripn.net"
            ".tc"     = "whois.adamsnames.tc"
            ".tf"     = "whois.nic.tf"
            ".th"     = "whois.thnic.net"
            ".tj"     = "whois.nic.tj"
            ".tk"     = "whois.nic.tk"
            ".tl"     = "whois.domains.tl"
            ".tm"     = "whois.nic.tm"
            ".tn"     = "whois.ripe.net"
            ".to"     = "whois.tonic.to"
            ".tp"     = "whois.domains.tl"
            ".tr"     = "whois.nic.tr"
            ".ua"     = "whois.ripe.net"
            ".uy"     = "nic.uy"
            ".uz"     = "whois.cctld.uz"
            ".va"     = "whois.ripe.net"
            ".vc"     = "whois2.afilias-grs.net"
            ".ve"     = "whois.nic.ve"
            ".vg"     = "whois.adamsnames.tc"
            ".yu"     = "whois.ripe.net"
            }
        }

        # Fail fast on socket errors, and restore the caller's preference in the outer finally
        $EAP, $ErrorActionPreference = $ErrorActionPreference, "Stop"
        try {
            $query = $query.Trim()
            if ($query -match "(?:\d{1,3}\.){3}\d{1,3}") {
                Write-Verbose "IP Lookup!"
                # ARIN expects the "n" (network) flag in front of an address
                if ($query -notmatch " ") { $query = "n $query" }
                if (-not $server) { $server = "whois.arin.net" }
            } elseif (-not $server) {
                # Prefer the longest matching suffix, so x.edu.cn goes to whois.edu.cn rather than whois.cnnic.cn
                $server = $TLDs.GetEnumerator() |
                    Where-Object { $query -like ("*" + $_.Name) } |
                    Sort-Object { $_.Name.Length } -Descending |
                    Select-Object -First 1 -ExpandProperty Value |
                    Get-Random
            }
            if (-not $server) { $server = "whois.arin.net" }

            $maxRequery = 3
            do {
                Write-Verbose "Connecting to $server"
                $client = $null
                $stream = $null
                try {
                    $client = New-Object System.Net.Sockets.TcpClient -ArgumentList $server, 43
                    # A server that accepts the connection but never answers would otherwise hang the script
                    $client.ReceiveTimeout = 15000
                    $stream = $client.GetStream()
                    Write-Verbose "Sending Query: $query"
                    $data = [System.Text.Encoding]::ASCII.GetBytes($query + "`r`n")
                    $stream.Write($data, 0, $data.Length)
                    Write-Verbose "Reading Response:"
                    # Many ccTLD servers answer in UTF-8; decoding as ASCII would turn non-ASCII names into '?'
                    $reader = New-Object System.IO.StreamReader -ArgumentList $stream, ([System.Text.Encoding]::UTF8)
                    $result = $reader.ReadToEnd()

                    # Thin registries such as Verisign name the registrar's server ("Registrar WHOIS Server: ...");
                    # -match is case-insensitive, so the pattern covers both spellings
                    $referral = $null
                    if ($result -match "(?s)Whois Server:\s*(\S+)") { $referral = $matches[1] }
                    if ($referral -and $referral -ne $server) {
                        Write-Warning "Recommended WHOIS server: ${referral}"
                        if ($NoForward) {
                            $maxRequery = 0
                        } else {
                            Write-Verbose "Non-Authoritative Results:`n${result}"
                            # cache, in case we can't get an answer at the forwarder
                            if (-not $cachedResult) {
                                $cachedResult = $result
                                $cachedServer = $server
                            }
                            $server = $referral
                            # drop the ARIN "n " prefix, if any, before asking the next server
                            $query = ($query -split " ")[-1]
                            $maxRequery--
                        }
                    } else {
                        $maxRequery = 0
                    }
                } finally {
                    if ($stream) { $stream.Dispose() }
                    if ($client) { $client.Close() }
                }
            } while ($maxRequery -gt 0)

            $result
            # A forwarder that returns almost nothing is less useful than the registry's thin record, so show both
            if ($cachedResult -and ($result -split "`n").Count -lt 5) {
                Write-Warning "Original Result from ${cachedServer}:"
                $cachedResult
            }
        } finally {
            $ErrorActionPreference = $EAP
        }
    }
}
The function defines three parameters, two of type [string] and one [switch]: the domain to query, an explicit whois server, and whether the query may be forwarded to the whois server named in the first answer. Next, a hashtable is built inside a DATA block that maps domain suffixes to whois servers, because each suffix's registration data lives on a different registry server. For the heavily registered suffixes .com, .net, .org and .info several servers are listed and the script picks one of them at random per query, so a single busy server is less likely to stall the lookup.
Next, New-Object creates a System.Net.Sockets.TcpClient and connects to port 43 of the chosen server, the query is written to the stream followed by CRLF, and a System.IO.StreamReader reads the whole response. A try/finally block makes sure the socket is released even when the server fails or the read times out, and a regular expression looks for the "Whois Server:" line in the answer: registries such as Verisign only return a thin record, and the registrar's server they name holds the full registrant details, so the function repeats the query there (at most three hops) unless -NoForward is given. Two caveats worth keeping in mind: the exchange is plaintext over TCP/43, so the registry and anything on the path can see which domains you are looking up, and registrant contact fields are frequently masked by a privacy service, so the e-mail or phone that comes back may belong to a proxy rather than the owner.
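The function above stops at returning raw text. As an added example (not code from the original post), here is a companion parser that turns that text into an object, so a whole list of targets can be compared in one table, together with a check that flags registrations about to lapse (a lapsed domain can be re-registered by anyone, which matters for a target's mail and DNS). The field labels are assumptions based on the common "Key: Value" layout of Verisign-style registry and registrar output; other registries label fields differently, so the candidate lists need extending per TLD. The sample response at the bottom is constructed, not a real record.

```powershell
# Added example, not part of the original post: turn the raw text that Get-WhoIs
# returns into an object so many domains can be compared in one table.
# Field labels follow the "Key: Value" layout of Verisign-style registry and registrar
# output; other TLDs label fields differently, so the candidate lists are assumptions
# to extend per TLD. The sample record at the bottom is constructed, not real data.

function Get-WhoIsField {
    # Return the first field present out of several possible labels (matched case-insensitively)
    param([hashtable]$Fields, [string[]]$Candidates)
    foreach ($c in $Candidates) {
        $k = $c.ToLower()
        if ($Fields.ContainsKey($k)) { return $Fields[$k] }
    }
}

function ConvertFrom-WhoIs {
    [CmdletBinding()]
    param(
        # Raw WHOIS response text, e.g. piped from Get-WhoIs
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Text,
        # Flag registrations expiring within this many days: a lapsed domain can be re-registered by anyone
        [int]$ExpiryWarningDays = 30
    )
    process {
        # Collect every "Key: Value" line; a label that repeats (Name Server, Domain Status) becomes an array
        $fields = @{}
        foreach ($line in ($Text -split "`r?`n")) {
            if ($line -match '^\s*([A-Za-z][A-Za-z0-9 /_.-]*?):\s*(\S.*?)\s*$') {
                $key = $matches[1].Trim().ToLower()
                if ($fields.ContainsKey($key)) { $fields[$key] = @($fields[$key]) + $matches[2] }
                else { $fields[$key] = $matches[2] }
            }
        }

        # Expiry is labelled differently by different registries; parse the first label found, as UTC
        $expiry = $null
        $expiryRaw = Get-WhoIsField $fields 'Registry Expiry Date','Registrar Registration Expiration Date','Expiration Date','Expiry Date','paid-till'
        if ($expiryRaw) {
            $parsed = [datetime]::MinValue
            if ([datetime]::TryParse(@($expiryRaw)[0], [cultureinfo]::InvariantCulture,
                    [System.Globalization.DateTimeStyles]::AdjustToUniversal, [ref]$parsed)) {
                $expiry = $parsed
            }
        }
        $daysLeft = if ($expiry) { [int][math]::Floor(($expiry - [datetime]::UtcNow).TotalDays) } else { $null }

        [pscustomobject]@{
            Domain      = Get-WhoIsField $fields 'Domain Name','domain'
            Registrar   = Get-WhoIsField $fields 'Registrar','Sponsoring Registrar','registrar'
            WhoisServer = Get-WhoIsField $fields 'Registrar WHOIS Server','Whois Server'
            Created     = Get-WhoIsField $fields 'Creation Date','Created On','created'
            Expires     = $expiry
            DaysLeft    = $daysLeft
            NameServers = @(Get-WhoIsField $fields 'Name Server','nserver' | Where-Object { $_ } | ForEach-Object { $_.ToLower() })
            Status      = @(Get-WhoIsField $fields 'Domain Status','status' | Where-Object { $_ } | ForEach-Object { ($_ -split '\s+')[0] })
            # Every e-mail address anywhere in the record (registrant, admin and abuse contacts alike)
            Emails      = @([regex]::Matches($Text, '[\w.+-]+@[\w-]+(\.[\w-]+)+') | ForEach-Object { $_.Value.ToLower() } | Sort-Object -Unique)
            ExpiresSoon = ($null -ne $daysLeft -and $daysLeft -le $ExpiryWarningDays)
        }
    }
}

# Constructed sample response (not real registration data). Its expiry is set 12 days out
# so the ExpiresSoon flag is demonstrated no matter when you run this.
$soon = [datetime]::UtcNow.AddDays(12).ToString('yyyy-MM-dd\THH:mm:ss\Z')
$SampleWhoIs = @"
Domain Name: EXAMPLE-TARGET.COM
Registrar WHOIS Server: whois.registrar.example
Registrar URL: http://www.registrar.example
Updated Date: 2023-09-14T09:31:12Z
Creation Date: 2001-03-04T22:11:53Z
Registry Expiry Date: $soon
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Name Server: NS1.EXAMPLE-TARGET.COM
Name Server: NS2.EXAMPLE-TARGET.COM
DNSSEC: unsigned
>>> Last update of whois database: 2023-10-01T12:00:00Z <<<
"@

$SampleWhoIs | ConvertFrom-WhoIs | Format-List

# Batch mode against the Get-WhoIs function from this post, one domain per line in targets.txt:
# Get-Content .\targets.txt |
#     ForEach-Object { ConvertFrom-WhoIs -Text ((Get-WhoIs $_) -join "`n") } |
#     Where-Object ExpiresSoon | Format-Table Domain, Registrar, Expires, DaysLeft
```

Run as-is, the sample parses offline and reports DaysLeft of 11 with ExpiresSoon set to True; the commented pipeline at the end is how it combines with Get-WhoIs for a target list. Get-WhoIs may emit two strings (the forwarder's answer and the cached registry answer), which is why the batch line joins its output before parsing.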
The function is run in the following ways, matching the three examples in its help block:
get-whois dnspod.com
First, let's see whether dnspod's WHOIS information was changed after Tencent acquired it; it appears Tencent never changed it.
get-whois jd.com -NoForward
get-whois n 128.11.5.98 -server whois.arin.net