如何在Python 3中通过IP获取WhoIs信息?
注意:这不是一个推荐库的问题,而是关于解决这个问题的可能方法。
问题:在Python 3中,有哪些方法可以从给定的IP地址获取WhoIs信息?结果应该至少包含:
- 注册国家
- 互联网服务提供商(ISP)的名称、地址和滥用举报邮箱
- 如果已注册,域名
- 注册日期和到期日期
- 如果结果不是纯文本,并且以上信息是结构化的,那就更好了
我不想要围绕shell的“whois”命令的封装,因为这个程序必须在Windows下运行。
在问这个问题之前,我在谷歌上找到了以下库:
以下库在通过pip安装或导入时会报错:
BulkWhoisWhoisClientcymruwhoisdwhoisipwhoispyiptoolspython-whoispywhoisuwhoisdwhoiswhoislookupwhoispy
以下库在Python 3中可以使用,但它们的功能正好与我想要的相反——它们是通过域名查找,而不是通过IP地址:
nicnamespythonwhois
在提问之前,我查看了以下问题:
2 个回答
5
这里有一个简单的解决方案,适用于Python 3:
首先,导入以下这个包:
pip install python-whois
然后运行下面的代码:
import whois
w = whois.whois('74.125.225.229')
31
从这里安装dnspython的稳定版本。
然后运行 pip3 install ipwhois 来安装ipwhois。
In [37]: from ipwhois import IPWhois
In [38]: obj = IPWhois('74.125.225.229')
In [39]: res=obj.lookup()
In [40]: res["nets"][0]['country']
Out[40]: 'US'
In [41]: res["nets"][0]['abuse_emails']
Out[41]: 'arin-contact@google.com'
In [42]: from pprint import pprint
In [43]: pprint(res)
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_registry': 'arin',
'nets': [{'abuse_emails': 'arin-contact@google.com',
'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13T00:00:00',
'description': 'Google Inc.',
'misc_emails': None,
'name': 'GOOGLE',
'postal_code': '94043',
'state': 'CA',
'tech_emails': 'arin-contact@google.com',
'updated': '2012-02-24T00:00:00'}],
'query': '74.125.225.229',
'raw': None}
HTTP:
In [44]: res=obj.lookup_rws()
In [45]: pprint(res)
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_registry': 'arin',
'nets': [{'abuse_emails': 'arin-contact@google.com',
'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13T12:09:54-04:00',
'description': 'Google Inc.',
'misc_emails': None,
'name': 'GOOGLE',
'postal_code': '94043',
'state': 'CA',
'tech_emails': 'arin-contact@google.com',
'updated': '2012-02-24T09:44:34-05:00'}],
'query': '74.125.225.229',
'raw': None}
API(应用程序接口)已经发生了变化,对于旧版的ipwhois来说,IPWhois.lookup() 从版本0.12.0开始被弃用了,将会被移除。旧版的whois查询功能已经转移到IPWhois.lookup_whois()方法中。
你可以使用这个方法,我已经关闭了警告,以便能够看到输出结果,但在实际使用中,还是要注意那些弃用的警告:
In [30]: from warnings import filterwarnings
In [31]: filterwarnings( action="ignore")
In [32]: from ipwhois import IPWhois
In [33]: obj = IPWhois('74.125.225.229')
In [34]: obj.lookup_whois()
Out[34]:
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_description': 'GOOGLE - Google Inc., US',
'asn_registry': 'arin',
'nets': [{'address': '1600 Amphitheatre Parkway',
'cidr': '74.125.0.0/16',
'city': 'Mountain View',
'country': 'US',
'created': '2007-03-13',
'description': 'Google Inc.',
'emails': ['arin-contact@google.com', 'network-abuse@google.com'],
'handle': 'NET-74-125-0-0-1',
'name': 'GOOGLE',
'postal_code': '94043',
'range': '74.125.0.0 - 74.125.255.255',
'state': 'CA',
'updated': '2012-02-24'}],
'nir': None,
'query': '74.125.225.229',
'raw': None,
'raw_referral': None,
'referral': None}
文档中说明,现在推荐使用IPWhois.lookup_rdap()作为查询方法。RDAP提供了比旧版whois和REST查询更好的数据结构。RDAP查询可以解析用户、组织和团体的联系信息和详细信息。RDAP还提供了更详细的网络信息。
但是,如果完全按照使用示例来写,或者添加asn_methods=["whois"]),仍然会出现弃用警告,所以这在实际使用中需要特别注意。
In [31]: from ipwhois import IPWhois
In [32]: obj = IPWhois('74.125.225.229')
/usr/local/lib/python3.6/site-packages/ipwhois/net.py:138: UserWarning: allow_permutations has been deprecated and will be removed. It is no longer needed, due to the deprecation of asn_alts, and the addition of the asn_methods argument.
warn('allow_permutations has been deprecated and will be removed. '
In [33]: obj.lookup_rdap(asn_methods=["whois"])
/usr/local/lib/python3.6/site-packages/ipwhois/asn.py:302: UserWarning: IPASN._parse_fields_whois() has been deprecated and will be removed. You should now use IPASN.parse_fields_whois().
warn('IPASN._parse_fields_whois() has been deprecated and will be '
Out[33]:
{'asn': '15169',
'asn_cidr': '74.125.225.0/24',
'asn_country_code': 'US',
'asn_date': '2007-03-13',
'asn_description': 'GOOGLE - Google Inc., US',
'asn_registry': 'arin',
'entities': ['GOGL'],
'network': {'cidr': '74.125.0.0/16',
'country': None,
'end_address': '74.125.255.255',
'events': [{'action': 'last changed',
'actor': None,
'timestamp': '2012-02-24T09:44:34-05:00'},
{'action': 'registration',
'actor': None,
'timestamp': '2007-03-13T12:09:54-04:00'}],
'handle': 'NET-74-125-0-0-1',
'ip_version': 'v4',
'links': ['https://rdap.arin.net/registry/ip/074.125.000.000',
'https://whois.arin.net/rest/net/NET-74-125-0-0-1'],
'name': 'GOOGLE',
'notices': [{'description': 'By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use',
'links': ['https://www.arin.net/whois_tou.html'],
'title': 'Terms of Service'}],
'parent_handle': 'NET-74-0-0-0-0',
'raw': None,
'remarks': None,
'start_address': '74.125.0.0',
'status': None,
'type': None},
'nir': None,
'objects': {'GOGL': {'contact': {'address': [{'type': None,
'value': '1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES'}],
'email': None,
'kind': 'org',
'name': 'Google Inc.',
'phone': None,
'role': None,
'title': None},
'entities': ['ABUSE5250-ARIN', 'ZG39-ARIN'],
'events': [{'action': 'last changed',
'actor': None,
'timestamp': '2017-01-28T08:32:29-05:00'},
{'action': 'registration',
'actor': None,
'timestamp': '2000-03-30T00:00:00-05:00'}],
'events_actor': None,
'handle': 'GOGL',
'links': ['https://rdap.arin.net/registry/entity/GOGL',
'https://whois.arin.net/rest/org/GOGL'],
'notices': None,
'raw': None,
'remarks': None,
'roles': ['registrant'],
'status': None}},
'query': '74.125.225.229',
'raw': None}