Get WHOIS information using PowerShell

For the last few days, I was working on an issue that involved getting an overview of the networks being used and the public IP addresses. Because I was not sure if the public IP addresses in some logs were from that company, I had to look up a lot of IPs manually using Ripe/Whois sites. This blog post shows you a way in which you can get details for your own Public IP or the address or domain name that you specify.

Requirements of the script

The script should be a function that I can call easily and which shows me the details of the public IP address for my location by default, it should be possible to specify a specific IP address or domain name to get the details from that.

Running the script

Without the PublicIPaddressOrName parameter

Below is a part of the screen output of running the Get-WhoisInfo function without the PublicIPaddressOrName parameter, it shows my public IP details which in this case (for not showing my actual public IP) from a tethered connection from my KPN SIM.

With the PublicIPaddressOrName parameter

Below is a part of the screen output of running the Get-WhoisInfo function with the PublicIPaddressOrName parameter, it shows the details for 8.8.8.8 in this example. You can also use Get-WhoisInfo -PublicIPaddressOrName google.com for example to get details from that…

The script

Below is the script itself, it needs to have the PSParseHTML installed and will install it for you when needed which could give you a one-time installation question.

function Get-WhoisInfo {
    param(
        [parameter(Mandatory = $false)][string]$PublicIPaddressOrName
    )

    #Check if the module PSParseHTML is installed and install
    #the module if it's not installed
    if (-not (Get-Command ConvertFrom-HTMLClass -ErrorAction SilentlyContinue)) {
        Install-Module PSParseHTML -SkipPublisherCheck -Force:$true -Confirm:$false
    }

    try {
        #Get results from your own Public IP Address
        if (-not ($PublicIPaddressOrName)) {
            $ProgressPreference = "SilentlyContinue"
            $PublicIPaddressOrName = (Invoke-WebRequest -uri https://api.ipify.org?format=json | ConvertFrom-Json -ErrorAction Stop).ip
            $whoiswebresult = Invoke-Restmethod -Uri "https://who.is/whois-ip/ip-address/$($PublicIPaddressOrName)" -ErrorAction SilentlyContinue
            $whoisinfo = ConvertFrom-HTMLClass -Class 'col-md-12 queryResponseBodyKey' -Content $whoiswebresult -ErrorAction SilentlyContinue
            write-host ("Getting WHOIS details for {0}" -f $PublicIPaddressOrName) -ForegroundColor Green
        }
        #Get results from the Public IP or name specified
        else {
            $ProgressPreference = "SilentlyContinue"
            if ((($PublicIPaddressOrName).Split('.').Length -eq 4)) {
                $whoiswebresult = Invoke-Restmethod -Uri "https://who.is/whois-ip/ip-address/$($PublicIPaddressOrName)" -ErrorAction SilentlyContinue
                $whoisinfo = ConvertFrom-HTMLClass -Class 'col-md-12 queryResponseBodyKey' -Content $whoiswebresult -ErrorAction SilentlyContinue
                write-host ("Getting WHOIS details for {0}" -f $PublicIPaddressOrName) -ForegroundColor Green
            }
            else {
                $whoiswebresult = Invoke-Restmethod -Uri "https://www.who.is/whois/$($PublicIPaddressOrName)" -ErrorAction SilentlyContinue
                $whoisinfo = ConvertFrom-HTMLClass -Class 'col-md-12 queryResponseBodyValue' -Content $whoiswebresult -ErrorAction SilentlyContinue
                write-host ("Getting WHOIS details for {0}" -f $PublicIPaddressOrName) -ForegroundColor Green
            }
        }
    
        Return $whoisinfo   
    }
    catch {
        Write-Warning ("Error getting WHOIS details")
    }
}

Making it available in your PowerShell sessions

To make this function available in your PowerShell sessions, you can add it to your profile by adding this line (Use notepad $profile in a PowerShell session to open it)

. c:\data\Get-WhoisInfo.ps1

Download the script(s) from GitHub here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.