Get WHOIS information using PowerShell

The last few days I was working on an issue that involved getting an overview of the networks being used and the public ip-adresses. Because I was not sure if the public ip-adresses in some logs were from that company, I had to lookup a lot of IP’s manually using Ripe/Whois sites. This blogpost shows you a way in which you can get details for your own Public IP or the ip-address or domain name that you specify.

Requirements of the script

The script should be a function which I can call easily and which shows me the details of public ip-address for my location by default, it should be possible to specify a specific ip-address or domain name to get the details from that.

Running the script

Without the PublicIPaddressOrName parameter

Below is a part of the screen output of running the Get-WhoisInfo function without the PublicIPaddressOrName parameter, it shows my public ip details which in this case (for not showing my actual public ip) from a tethered connection from my KPN SIM.

With the PublicIPaddressOrName parameter

Below is a part of the screen output of running the Get-WhoisInfo function with the PublicIPaddressOrName parameter, it shows the details for 8.8.8.8 in this example. You can also use Get-WhoisInfo -PublicIPaddressOrName google.com for example to get details from that…

The script

Below is the script itself

function Get-WhoisInfo {
    param(
        [parameter(Mandatory = $false)][string]$PublicIPaddressOrName
    )

    try {
        #Get results from your own Public IP Address
        if (-not ($PublicIPaddressOrName)) {
            $ProgressPreference = "SilentlyContinue"
            $PublicIPaddressOrName = (Invoke-WebRequest -uri https://api.ipify.org?format=json | ConvertFrom-Json -ErrorAction Stop).ip
            $whoiswebresult = Invoke-Restmethod -Uri "https://who.is/whois-ip/ip-address/$($PublicIPaddressOrName)" -ErrorAction SilentlyContinue
            $whoisinfo = ConvertFrom-HTMLClass -Class 'col-md-12 queryResponseBodyKey' -Content $whoiswebresult -ErrorAction SilentlyContinue
            write-host Getting WHOIS details for $PublicIPaddressOrName -ForegroundColor Green
        }
        #Get results from the Public IP or name specified
        else {
            $ProgressPreference = "SilentlyContinue"
            if ((($PublicIPaddressOrName).Split('.').Length -eq 4)) {
                $whoiswebresult = Invoke-Restmethod -Uri "https://who.is/whois-ip/ip-address/$($PublicIPaddressOrName)" -ErrorAction SilentlyContinue
                $whoisinfo = ConvertFrom-HTMLClass -Class 'col-md-12 queryResponseBodyKey' -Content $whoiswebresult -ErrorAction SilentlyContinue
                write-host Getting WHOIS details for $PublicIPaddressOrName -ForegroundColor Green
            }
            else {
                $whoiswebresult = Invoke-Restmethod -Uri "https://www.who.is/whois/$($PublicIPaddressOrName)" -ErrorAction SilentlyContinue
                $whoisinfo = ConvertFrom-HTMLClass -Class 'col-md-12 queryResponseBodyValue' -Content $whoiswebresult -ErrorAction SilentlyContinue
                write-host Getting WHOIS details for $PublicIPaddressOrName -ForegroundColor Green
            }
        }
    
        Return $whoisinfo   
    }
    catch {
        write-host Error getting WHOIS details -ForegroundColor Red
    }
}

Making it available in your PowerShell sessions

To make this function available in your PowerShell sessions, you can add it to your profile by adding this line (Use notepad $profile in a PowerShell session to open it)

. c:\data\Get-WhoisInfo.ps1

Download the script(s) from GitHub here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.