问题
Note: This is not a library recommendation question. It is rather about possible approaches to the problem.
Question: What approaches are possible to retreive WhoIs information from given IP address in Python 3? The result should contain at least:
- Registration country
- ISP name, address, abuse email
- If registered, the domain name
- Registration and expiery dates
- Bonus points if the result is not plain text and is the above info is structured
I am not looking for wrappers around the shell "whois" command as the program must work under Windows.
Before asking this question, google gave me the following libraries:
The following throw errors when installing via pip or when during importing:
BulkWhoisWhoisClientcymruwhoisdwhoisipwhoispyiptoolspython-whoispywhoisuwhoisdwhoiswhoislookupwhoispy
The following libraries do work in Python 3, however they do the reverse of what I want - they look up by domain name, not by IP address:
nicnamespythonwhois
I have looked into the following questions before asking:
- How do I run a WHOIS lookup with PHP or Python?
- python whois for windows
- https://stackoverflow.com/questions/16753309/python-whois-library
回答1:
Install the stable release of dnspython from here
Then pip3 install ipwhois.
In [37]: from ipwhois import IPWhois
In [38]: obj = IPWhois('74.125.225.229')
In [39]: res=obj.lookup()
In [40]: res["nets"][0]['country']
Out[40]: 'US'
In [41]: res["nets"][0]['abuse_emails']
Out[41]: 'arin-contact@google.com'
In [42]: from pprint import pprint
In [43]: pprint(res)
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_registry': 'arin',
'nets': [{'abuse_emails': 'arin-contact@google.com',
'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13T00:00:00',
'description': 'Google Inc.',
'misc_emails': None,
'name': 'GOOGLE',
'postal_code': '94043',
'state': 'CA',
'tech_emails': 'arin-contact@google.com',
'updated': '2012-02-24T00:00:00'}],
'query': '74.125.225.229',
'raw': None}
HTTP:
In [44]: res=obj.lookup_rws()
In [45]: pprint(res)
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_registry': 'arin',
'nets': [{'abuse_emails': 'arin-contact@google.com',
'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13T12:09:54-04:00',
'description': 'Google Inc.',
'misc_emails': None,
'name': 'GOOGLE',
'postal_code': '94043',
'state': 'CA',
'tech_emails': 'arin-contact@google.com',
'updated': '2012-02-24T09:44:34-05:00'}],
'query': '74.125.225.229',
'raw': None}
The API has changed, for the legacy ipwhois IPWhois.lookup() is deprecated as of v0.12.0 and will be removed. Legacy whois lookups were moved to IPWhois.lookup_whois()..
You can access that method, I have disabled warnings to be able to see the output, there are deprecated warnings that should be taken into account in real use cases:
In [30]: from warnings import filterwarnings
In [31]: filterwarnings( action="ignore")
In [32]: from ipwhois import IPWhois
In [33]: obj = IPWhois('74.125.225.229')
In [34]: obj.lookup_whois()
Out[34]:
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_description': 'GOOGLE - Google Inc., US',
'asn_registry': 'arin',
'nets': [{'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13',
'description': 'Google Inc.',
'emails': ['arin-contact@google.com', 'network-abuse@google.com'],
'handle': 'NET-74-125-0-0-1',
'name': 'GOOGLE',
'postal_code': '94043',
'range': '74.125.0.0 - 74.125.255.255',
'state': 'CA',
'updated': '2012-02-24'}],
'nir': None,
'query': '74.125.225.229',
'raw': None,
'raw_referral': None,
'referral': None}
The docs state, IPWhois.lookup_rdap() is now the recommended lookup method. RDAP provides a far better data structure than legacy whois and REST lookups (previous implementation). RDAP queries allow for parsing of contact information and details for users, organizations, and groups. RDAP also provides more detailed network information.
But following the usage example verbatim, or adding the asn_methods=["whois"]), stills gives deprecation warnings so, again, that is something that needs to be addressed in actual use cases.
In [31]: from ipwhois import IPWhois
In [32]: obj = IPWhois('74.125.225.229')
/usr/local/lib/python3.6/site-packages/ipwhois/net.py:138: UserWarning: allow_permutations has been deprecated and will be removed. It is no longer needed, due to the deprecation of asn_alts, and the addition of the asn_methods argument.
warn('allow_permutations has been deprecated and will be removed. '
In [33]: obj.lookup_rdap(asn_methods=["whois"])
/usr/local/lib/python3.6/site-packages/ipwhois/asn.py:302: UserWarning: IPASN._parse_fields_whois() has been deprecated and will be removed. You should now use IPASN.parse_fields_whois().
warn('IPASN._parse_fields_whois() has been deprecated and will be '
Out[33]:
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_description': 'GOOGLE - Google Inc., US',
'asn_registry': 'arin',
'entities': ['GOGL'],
'network': {'cidr': '74.125.0.0/16',
'country': None,
'end_address': '74.125.255.255',
'events': [{'action': 'last changed',
'actor': None,
'timestamp': '2012-02-24T09:44:34-05:00'},
{'action': 'registration',
'actor': None,
'timestamp': '2007-03-13T12:09:54-04:00'}],
'handle': 'NET-74-125-0-0-1',
'ip_version': 'v4',
'links': ['https://rdap.arin.net/registry/ip/074.125.000.000',
'https://whois.arin.net/rest/net/NET-74-125-0-0-1'],
'name': 'GOOGLE',
'notices': [{'description': 'By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use',
'links': ['https://www.arin.net/whois_tou.html'],
'title': 'Terms of Service'}],
'parent_handle': 'NET-74-0-0-0-0',
'raw': None,
'remarks': None,
'start_address': '74.125.0.0',
'status': None,
'type': None},
'nir': None,
'objects': {'GOGL': {'contact': {'address': [{'type': None,
'value': '1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES'}],
'email': None,
'kind': 'org',
'name': 'Google Inc.',
'phone': None,
'role': None,
'title': None},
'entities': ['ABUSE5250-ARIN', 'ZG39-ARIN'],
'events': [{'action': 'last changed',
'actor': None,
'timestamp': '2017-01-28T08:32:29-05:00'},
{'action': 'registration',
'actor': None,
'timestamp': '2000-03-30T00:00:00-05:00'}],
'events_actor': None,
'handle': 'GOGL',
'links': ['https://rdap.arin.net/registry/entity/GOGL',
'https://whois.arin.net/rest/org/GOGL'],
'notices': None,
'raw': None,
'remarks': None,
'roles': ['registrant'],
'status': None}},
'query': '74.125.225.229',
'raw': None}
来源:https://stackoverflow.com/questions/24580373/how-to-get-whois-info-by-ip-in-python-3