For the last few days, I have been working on an issue involving getting an overview of the networks and public IP addresses. Because I was unsure if the public IP addresses in some logs were from that company, I had to look up a lot of IPs manually using Ripe/Whois sites. This blog post shows you how to get details for your Public IP or the address or domain name you specify.
Requirements of the script
The script should be a function that I can call quickly and shows me the details of the public IP address for my location by default, and it should be possible to specify a specific IP address or domain name to get the details from that.
Running the script
Without the PublicIPaddressOrName parameter
Below is a part of the screen output of running the Get-WhoisInfo function without the PublicIPaddressOrName parameter. It shows my public IP details which, in this case (for not showing my public IP) from a tethered connection from my KPN SIM.
With the PublicIPaddressOrName parameter
Below is a part of the screen output of running the Get-WhoisInfo function with the PublicIPaddressOrName parameter. It shows the details for 8.8.8.8 in this example. You can also use Get-WhoisInfo -PublicIPaddressOrName google.com to get details from that…
The script
Below is the script itself. It needs to have the PSParseHTML installed and will install it for you when needed, which could give you a one-time installation question.
Note: You sometimes get time-outs from the whois.com website, and then no results are returned 🙁 This is mainly the case for domain names. Ip- addresses seem to work just fine.
function Get-WhoisInfo {
param(
[parameter(Mandatory = $false)][string]$PublicIPaddressOrName
)
#Check if the module PSParseHTML is installed and install
#the module if it's not installed
if (-not (Get-Command ConvertFrom-HTMLClass -ErrorAction SilentlyContinue)) {
Install-Module PSParseHTML -SkipPublisherCheck -Force:$true -Confirm:$false
}
try {
#Get results from your own Public IP Address
if (-not ($PublicIPaddressOrName)) {
$ProgressPreference = "SilentlyContinue"
$PublicIPaddressOrName = (Invoke-WebRequest -uri https://api.ipify.org?format=json | ConvertFrom-Json -ErrorAction Stop).ip
$whoiswebresult = Invoke-Restmethod -Uri "https://www.whois.com/whois/$($PublicIPaddressOrName)" -TimeoutSec 15 -ErrorAction SilentlyContinue
$whoisinfo = ConvertFrom-HTMLClass -Class 'whois-data' -Content $whoiswebresult -ErrorAction SilentlyContinue
write-host ("Getting WHOIS details for {0}" -f $PublicIPaddressOrName) -ForegroundColor Green
}
#Get results from the Public IP or name specified
else {
$ProgressPreference = "SilentlyContinue"
if ((($PublicIPaddressOrName).Split('.').Length -eq 4)) {
$whoiswebresult = Invoke-Restmethod -Uri "https://www.whois.com/whois/$($PublicIPaddressOrName)" -TimeoutSec 15 -ErrorAction SilentlyContinue
$whoisinfo = ConvertFrom-HTMLClass -Class 'whois-data' -Content $whoiswebresult -ErrorAction SilentlyContinue
write-host ("Getting WHOIS details for {0}" -f $PublicIPaddressOrName) -ForegroundColor Green
}
else {
$whoiswebresult = Invoke-Restmethod -Uri "https://www.who.is/whois/$($PublicIPaddressOrName)" -TimeoutSec 30 -ErrorAction SilentlyContinue
$whoisinfo = ConvertFrom-HTMLClass -Class 'df-raw' -Content $whoiswebresult -ErrorAction SilentlyContinue
write-host ("Getting WHOIS details for {0}" -f $PublicIPaddressOrName) -ForegroundColor Green
}
}
Return $whoisinfo
}
catch {
Write-Warning ("Error getting WHOIS details")
}
}
Making it available in your PowerShell sessions
To make this function available in your PowerShell sessions, you can add it to your profile by adding this line (Use notepad $profile in a PowerShell session to open it)
. c:\data\Get-WhoisInfo.ps1
Download the script(s) from GitHub here