How to get WhoIs info by IP in Python 3?

python python-3.x whois
Babken Vardanyan picture Babken Vardanyan · Jul 4, 2014 · Viewed 30.5k times · Source

Note: This is not a library recommendation question. It is rather about possible approaches to the problem.

Question: What approaches are possible to retreive WhoIs information from given IP address in Python 3? The result should contain at least:

  • Registration country
  • ISP name, address, abuse email
  • If registered, the domain name
  • Registration and expiery dates
  • Bonus points if the result is not plain text and is the above info is structured

I am not looking for wrappers around the shell "whois" command as the program must work under Windows.

Before asking this question, google gave me the following libraries:

The following throw errors when installing via pip or when during importing:

  • BulkWhois
  • WhoisClient
  • cymruwhois
  • dwhois
  • ipwhois
  • pyiptools
  • python-whois
  • pywhois
  • uwhoisd
  • whois
  • whoislookup
  • whoispy

The following libraries do work in Python 3, however they do the reverse of what I want - they look up by domain name, not by IP address:

  • nicnames
  • pythonwhois

I have looked into the following questions before asking:

Answer

Padraic Cunningham picture Padraic Cunningham · Jul 5, 2014

Install the stable release of dnspython from here

Then pip3 install ipwhois.

In [37]: from ipwhois import IPWhois

In [38]: obj = IPWhois('74.125.225.229')

In [39]: res=obj.lookup()

In [40]: res["nets"][0]['country']
Out[40]: 'US'

In [41]: res["nets"][0]['abuse_emails']
Out[41]: '[email protected]'

In [42]: from pprint import pprint

In [43]: pprint(res)
{'asn': '15169',
 'asn_cidr': '74.125.225.0/24',
 'asn_country_code': 'US',
 'asn_date': '2007-03-13',
 'asn_registry': 'arin',
 'nets': [{'abuse_emails': '[email protected]',
           'address': '1600 Amphitheatre Parkway',
           'cidr': '74.125.0.0/16',
           'city': 'Mountain View',
           'country': 'US',
           'created': '2007-03-13T00:00:00',
           'description': 'Google Inc.',
           'misc_emails': None,
           'name': 'GOOGLE',
           'postal_code': '94043',
           'state': 'CA',
           'tech_emails': '[email protected]',
           'updated': '2012-02-24T00:00:00'}],
 'query': '74.125.225.229',
 'raw': None}

HTTP:

In [44]: res=obj.lookup_rws()

In [45]: pprint(res)
{'asn': '15169',
 'asn_cidr': '74.125.225.0/24',
 'asn_country_code': 'US',
 'asn_date': '2007-03-13',
 'asn_registry': 'arin',
 'nets': [{'abuse_emails': '[email protected]',
           'address': '1600 Amphitheatre Parkway',
           'cidr': '74.125.0.0/16',
           'city': 'Mountain View',
           'country': 'US',
           'created': '2007-03-13T12:09:54-04:00',
           'description': 'Google Inc.',
           'misc_emails': None,
           'name': 'GOOGLE',
           'postal_code': '94043',
           'state': 'CA',
           'tech_emails': '[email protected]',
           'updated': '2012-02-24T09:44:34-05:00'}],
 'query': '74.125.225.229',
 'raw': None}

The API has changed, for the legacy ipwhois IPWhois.lookup() is deprecated as of v0.12.0 and will be removed. Legacy whois lookups were moved to IPWhois.lookup_whois()..

You can access that method, I have disabled warnings to be able to see the output, there are deprecated warnings that should be taken into account in real use cases:

In [30]: from warnings import filterwarnings

In [31]: filterwarnings( action="ignore")

In [32]: from ipwhois import IPWhois

In [33]: obj = IPWhois('74.125.225.229')

In [34]: obj.lookup_whois()
Out[34]: 
{'asn': '15169',
 'asn_cidr': '74.125.225.0/24',
 'asn_country_code': 'US',
 'asn_date': '2007-03-13',
 'asn_description': 'GOOGLE - Google Inc., US',
 'asn_registry': 'arin',
 'nets': [{'address': '1600 Amphitheatre Parkway',
   'cidr': '74.125.0.0/16',
   'city': 'Mountain View',
   'country': 'US',
   'created': '2007-03-13',
   'description': 'Google Inc.',
   'emails': ['[email protected]', '[email protected]'],
   'handle': 'NET-74-125-0-0-1',
   'name': 'GOOGLE',
   'postal_code': '94043',
   'range': '74.125.0.0 - 74.125.255.255',
   'state': 'CA',
   'updated': '2012-02-24'}],
 'nir': None,
 'query': '74.125.225.229',
 'raw': None,
 'raw_referral': None,
 'referral': None}

The docs state, IPWhois.lookup_rdap() is now the recommended lookup method. RDAP provides a far better data structure than legacy whois and REST lookups (previous implementation). RDAP queries allow for parsing of contact information and details for users, organizations, and groups. RDAP also provides more detailed network information.

But following the usage example verbatim, or adding the asn_methods=["whois"]), stills gives deprecation warnings so, again, that is something that needs to be addressed in actual use cases.

In [31]: from ipwhois import IPWhois

In [32]: obj = IPWhois('74.125.225.229')
/usr/local/lib/python3.6/site-packages/ipwhois/net.py:138: UserWarning: allow_permutations has been deprecated and will be removed. It is no longer needed, due to the deprecation of asn_alts, and the addition of the asn_methods argument.
  warn('allow_permutations has been deprecated and will be removed. '

In [33]:  obj.lookup_rdap(asn_methods=["whois"])
/usr/local/lib/python3.6/site-packages/ipwhois/asn.py:302: UserWarning: IPASN._parse_fields_whois() has been deprecated and will be removed. You should now use IPASN.parse_fields_whois().
  warn('IPASN._parse_fields_whois() has been deprecated and will be '
Out[33]: 
{'asn': '15169',
 'asn_cidr': '74.125.225.0/24',
 'asn_country_code': 'US',
 'asn_date': '2007-03-13',
 'asn_description': 'GOOGLE - Google Inc., US',
 'asn_registry': 'arin',
 'entities': ['GOGL'],
 'network': {'cidr': '74.125.0.0/16',
  'country': None,
  'end_address': '74.125.255.255',
  'events': [{'action': 'last changed',
    'actor': None,
    'timestamp': '2012-02-24T09:44:34-05:00'},
   {'action': 'registration',
    'actor': None,
    'timestamp': '2007-03-13T12:09:54-04:00'}],
  'handle': 'NET-74-125-0-0-1',
  'ip_version': 'v4',
  'links': ['https://rdap.arin.net/registry/ip/074.125.000.000',
   'https://whois.arin.net/rest/net/NET-74-125-0-0-1'],
  'name': 'GOOGLE',
  'notices': [{'description': 'By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use',
    'links': ['https://www.arin.net/whois_tou.html'],
    'title': 'Terms of Service'}],
  'parent_handle': 'NET-74-0-0-0-0',
  'raw': None,
  'remarks': None,
  'start_address': '74.125.0.0',
  'status': None,
  'type': None},
 'nir': None,
 'objects': {'GOGL': {'contact': {'address': [{'type': None,
      'value': '1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES'}],
    'email': None,
    'kind': 'org',
    'name': 'Google Inc.',
    'phone': None,
    'role': None,
    'title': None},
   'entities': ['ABUSE5250-ARIN', 'ZG39-ARIN'],
   'events': [{'action': 'last changed',
     'actor': None,
     'timestamp': '2017-01-28T08:32:29-05:00'},
    {'action': 'registration',
     'actor': None,
     'timestamp': '2000-03-30T00:00:00-05:00'}],
   'events_actor': None,
   'handle': 'GOGL',
   'links': ['https://rdap.arin.net/registry/entity/GOGL',
    'https://whois.arin.net/rest/org/GOGL'],
   'notices': None,
   'raw': None,
   'remarks': None,
   'roles': ['registrant'],
   'status': None}},
 'query': '74.125.225.229',
 'raw': None}

Related questions

Convert bytes to a string

I'm using this code to get standard output from an external program: >>> from subprocess import * >>> command_stdout = Popen(['ls', '-l'], stdout=PIPE).communicate()[0] The communicate() method returns an array of bytes: >>> …

Read More
Best way to convert string to bytes in Python 3?

There appear to be two different ways to convert a string to bytes, as seen in the answers to TypeError: 'str' does not support the buffer interface Which of these methods would be better or more Pythonic? Or is it …

Read More
How to install pip with Python 3?

I want to install pip. It should support Python 3, but it requires setuptools, which is available only for Python 2. How can I install pip with Python 3?

Read More