WhoIs in PowerShell

There are a number of WhoIs scripts knocking around, this is my version. Something of a long development cycle since I started this last year, got busy, then finished it today.

Get-WhoIs has been incorporated into a script module: Indented.NetworkTools.

It has a couple of dependencies, it needs both NetShell (for sockets) and DnsShell (to attempt to locate a WhoIs server). I use whois-servers.net to find a server for name lookups, and I use ARIN as a starting point for IP lookups (with a recursive call to get detail).

Function Get-WhoIs { [CmdLetBinding()] Param( [Parameter(Mandatory = $True)] [String]$Name, [String]$WhoIsServer, [String]$Command ) If (!(Get-Command Get-Dns)) { break } If (!$WhoIsServer) { If ([Net.IPAddress]::TryParse($Name, [Ref]$Null) -Or $Name.EndsWith("arpa")) { $WhoIsServer = $WhoIsServerName = "whois.arin.net" $Command = "n " } Else { $WhoIsServer = $WhoIsServerName = "$($Name.Split('.')[-1]).whois-servers.net" } } If (!([Net.IPAddress]::TryParse($WhoIsServer, [Ref]$Null))) { $WhoIsServerRecord = Get-Dns -Name $WhoIsServer -RecordType A | Select-Object -Expand Answer | Where-Object { $.RecordType -eq "A" } | Select-Object -First 1 $WhoIsServer = $WhoIsServerRecord.IPAddress } If ($WhoIsServer) { Write-Verbose "Querying $WhoIsServerName ($WhoIsServer) for $Name" $Data = [Text.Encoding]::ASCII.GetBytes("$Command$Namern") $Socket = New-Socket -Protocol Tcp Send-Bytes -Socket $Socket -IPAddress $WhoIsServer -Port 43 -Data $Data $ReceivedData = Receive-Bytes -Socket $Socket -BufferSize 4098 If ($ReceivedData) { $WhoIsRecord = $ReceivedData | ForEach-Object { [Text.Encoding]::ASCII.GetString($.Data).Trim() } | Out-String If ($WhoIsRecord -Match 'ReferralServer: whois://(.+):') { Get-WhoIs $Name -WhoIsServer $Matches[1] } Else { $WhoIsRecord } } Remove-Socket $Socket } }

My test set is small, if you happen to try it and find something doesn’t work please let me know.

WhoIs in PowerShell
Share this