Commands using whois (15)

  • Returns nothing if the domain exists and 'No match for domain.com' otherwise.


    6
    whois domainnametocheck.com | grep match
    Timothee · 2009-08-11 13:33:25 1

  • 4
    ASN=32934; for s in $(whois -H -h riswhois.ripe.net -- -F -K -i $ASN | grep -v "^$" | grep -v "^%" | awk '{ print $2 }' ); do echo " blocking $s"; sudo iptables -A INPUT -s $s -j REJECT &> /dev/null || sudo ip6tables -A INPUT -s $s -j REJECT; done
    koppi · 2016-04-08 11:30:12 0
  • Create a text file called domainlist.txt with a domain per line, then run the command above. All registries are a little different, so play around with the command. Should produce a list of domains and their expirations date. I am responsible for my companies domains and have a dozen or so myself, so this is a quick check if I overlooked any.


    3
    cat domainlist.txt | while read line; do echo -ne $line; whois $line | grep Expiration ; done | sed 's:Expiration Date::'
    netsaint · 2010-05-02 06:49:09 1
  • Useful if you f.i. want to block/allow all connections from a certain provider which uses successive netnames for his ip blocks. In this example I used the german Deutsche Telekom which has DTAG-DIAL followed by a number as netname for the dial in pools. There are - as always ;) - different ways to do this. If you have seq available you can use net=DTAG-DIAL ; for i in `seq 1 30`; do whois -h whois.ripe.net $net$i | grep '^inetnum:' | sed "s;^.*:;$net$i;" ; done or without seq you can use bash brace expansion net=DTAG-DIAL ; for i in {1..30}; do whois -h whois.ripe.net $net$i | grep '^inetnum:' | sed "s;^.*:;$net$i;" ; done or if you like while better than for use something like net=DTAG-DIAL ; i=1 ; while true ; do whois -h whois.ripe.net $net$i | grep '^inetnum:' | sed "s;^.*:;$net$i;" ; test $i = 30 && break ; i=$(expr $i + 1) ; done and so on. Show Sample Output


    2
    net=DTAG-DIAL ; for (( i=1; i<30; i++ )); do whois -h whois.ripe.net $net$i | grep '^inetnum:' | sed "s;^.*:;$net$i;" ; done
    drizzt · 2009-08-01 05:28:19 0
  • Change the $domain variable to whichever domain you wish to query. Works with the majority of whois info; for some that won't, you may have to compromise: domain=google.com; for a in $(whois $domain | grep "Domain servers in listed order:" --after 3 | grep -v "Domain servers in listed order:"); do echo ">>> Nameservers for $domain from $a Note that this doesn't work as well as the first one; if they have more than 3 nameservers, it won't hit them all. As the summary states, this can be useful for making sure the whois nameservers for a domain match the nameserver records (NS records) from the nameservers themselves. Show Sample Output


    2
    domain=google.com; for ns in $(whois $domain | awk -F: '/Name Server/{print $2}'); do echo ">>> Nameservers for $domain from $a <<<"; dig @$ns $domain ns +short; echo; done;
    laebshade · 2011-05-08 04:46:34 0

  • 2
    whois commandlinefu.com | grep -E '^\s{3}'
    ca9lar · 2019-04-09 21:09:30 0

  • 0
    while read line; do pais=$(whois "$line" | grep -E '[Cc]ountry') echo -n "IP=$line Pais=$pais" && echo done <listaip
    pathcl · 2010-10-25 15:39:50 4
  • Nice neat feedback showing contact infomation for as many domains as you wish to feed it. I used a list of domains, each one on a new line as supplied by our registar, as we needed to check they were all upto date and back them up as we are updating them all.


    0
    whois -H $(cat ./list_of_domains) | awk 'BEGIN{RS=""}/Registrant/,/Registration Service Provider:/ {print} END{print "----------------\n"}'
    djsmiley2k · 2011-01-11 12:55:34 0
  • Found on https://bitcointalk.org/index.php?topic=55520.0


    0
    for i in `wget -O url|grep '<a rel="nofollow"'|grep http|sed 's|.*<a rel="nofollow" class="[^"]\+" href="[^"]*https\?://\([^/]\+\)[^"]*">[^<]\+</a>.*|\1|'`;do if test -n "$(whois $i|grep -i godaddy)";then echo $i uses GoDaddy;fi;sleep 20;done
    coinbitsdotcom · 2011-12-24 19:12:18 0

  • 0
    cat domainlist.txt | while read line; do echo -ne $line; whois $line | grep Expiration ; done | sed 's:Expiration Date::'
    jun3337 · 2013-05-13 02:55:17 0
  • Retrieves AS route prefixes for IPv4 and IPv6, aggregates the routes to the minimal set, and adds netfilter rules to reject them. Relies on two helpers: IPv4 - "aggregate" by Joe Abley (package name 'aggregate'), IPv6 - "aggregate6" by Job Snijders ( https://github.com/job/aggregate6 ) Show Sample Output


    0
    ASN=32934; for IP in 4 6; do whois -h riswhois.ripe.net \!${IP/4/g}as${ASN} | sed -n '2 p' | tr \ \\n | aggregate${IP/4/} | while read NET; do ip${IP/4/}tables -I INPUT -S ${NET} -j REJECT; done; done
    iam_TJ · 2016-05-29 09:45:34 0
  • I don't know why you would want to echo "blocking ....", but my alternative is functionally equivalent with the extra echo.


    0
    ASN=32934;whois -H -h riswhois.ripe.net -- -F -K -i $ASN|awk '/^'$ASN'/ {if ($2 ~ /::/) {a="6"} else {a=""};b="sudo ip"a"tables -A INPUT -s "$2" -j REJECT"; print " blocking "$2;system(b)}'
    AndrewM · 2016-07-22 07:48:27 0
  • Outputs multiple whois from a plain text file.


    -2
    for domain in `cat list_of_domains.txt`; do echo $domain; whois $domain >> output.txt; done
    pathcl · 2010-02-15 17:13:45 1
  • This can be used in scripts, to find out the origin of target IP etc. Show Sample Output


    -5
    x=192.168.1.1; whois $x > $x.txt
    sxiii · 2011-01-17 03:33:49 0
  • It would be nice if commandlinefu.com had a better domain name. Will they pick one of the above; We'll see. Show Sample Output


    -11
    whois cmd.fu;whois cmdfu.com|grep -i cmdfu
    axelabs · 2009-02-19 08:57:50 3

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

create pdf files from text files or stdout.

Arch Linux sort installed packages by size
This one-liner will output installed packages sorted by size in Kilobytes.

List the largest directories & subdirectoties in the current directory sorted from largest to smallest.

Tail -f at your own pace
The -s option allows you to specify the update interval

Joins args together using the first arg as glue

Alert visually until any key is pressed
I learned a few things reading this command. But I did run into a few issues: 1. On systems that don't use GNU echo (e.g. macOS 10.14.5 Mojave), the e option may not be supported. In this case ANSI escape codes will echoed as text and the terminal will not flash, like this: \e[?5h\e[38;5;1m A L E R T Thu Jun 20 16:31:29 PDT 2019 2. Since the read command strips\ignores leading backslashes, if a user types the backslash character once in the loop, it will not break. Typing backslash twice in a loop will break as expected. 3. The foreground color is set to red (\e[38;5;1m) on every loop. This could be set once before we call while, and then reset once when the loop breaks. 4. Instead of resetting the foreground color when it breaks, the video mode is set back to normal (\e[?5l). This has the effect of leaving the terminal text red until it is manually reset. The alternative I'm proposing here addresses these issues. I tested it on macOS and Arch Linux.

Split a file one piece at a time, when using the split command isn't an option (not enough disk space)
bs = buffer size (basically defined the size of a "unit" used by count and skip) count = the number of buffers to copy (16m * 32 = 1/2 gig) skip = (32 * 2) we are grabbing piece 3...which means 2 have already been written so skip (2 * count) i will edit this later if i can to make this all more understandable

get all Google ipv4/6 subnets for a iptables firewall for example (updated version)
google has added 2 more netblocks...

Making scripts runs on backgourd and logging output
Save all output to a log.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: