Lookup IP address Owners


I was working a case at work last week and needed to show who owned an IP address in my notes. To look up IP address owners I generally go to MxToolbox and use their ARIN whois tool to look up the owner. MxToolbox provides the data, but it's not presented in a format that is simple to cut and paste into ticket notes. For me, directly pasting colour-formatted, monospaced words is much prettier in notes than pasting a picture of a website.

Being able to create what I feel are pretty ticket notes is great motivation to do some scripting. The scripts I ended up creating connect to the major RIR providers and perform REST requests to ARIN, RIPE, and APNIC, and basic web calls to AFRINIC and LACNIC. AFRINIC and LACNIC do not currently offer API support, hence the web scrapes. The script then formats the returned data into a pretty format and in some cases, like ARIN, it performs additional requests to extract more data such as Admin and Tech contact information.

I first wrote the script with a pile of Write-Host commands to format the data. Then someone at work said something like “write-host ewww, objects are cool”, which motivated me to rewrite the script, creating objects for each REST return and then returning the object, vs returning the data using Write-Host. Both versions return the same data. After doing it I think the object version is prettier. You can find the resulting scripts posted on GitHub at https://github.com/HappyKevinm/get-whoisip
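The object approach described above, sketched for ARIN only as an added example (not the code from the linked repository). The function names, the `customerRef` fallback and the embedded JSON are assumptions; the JSON is constructed to mimic an ARIN Whois-RWS reply and uses a documentation address range.

```powershell
# Added example, not the author's script. Constructed sample shaped like an
# ARIN Whois-RWS JSON reply (element text under "$", attributes under "@...").
$sampleJson = @'
{ "net": {
    "handle":       { "$": "NET-192-0-2-0-1" },
    "name":         { "$": "EXAMPLE-NET" },
    "startAddress": { "$": "192.0.2.0" },
    "endAddress":   { "$": "192.0.2.255" },
    "orgRef":    { "@handle": "EXAMPLE", "@name": "Example Org", "$": "https://whois.arin.net/rest/org/EXAMPLE" },
    "netBlocks": { "netBlock": { "startAddress": { "$": "192.0.2.0" }, "cidrLength": { "$": "24" } } }
} }
'@

function ConvertTo-WhoisRecord {
    # Hypothetical helper: flattens one ARIN "net" reply into a single object.
    param(
        [Parameter(Mandatory)] [string] $IPAddress,
        [Parameter(Mandatory)] $Response
    )
    $net = $Response.net
    # Assumption: the owner is under orgRef, or customerRef when no org is listed.
    $ref = if ($net.orgRef) { $net.orgRef } else { $net.customerRef }
    # netBlock is one object for a single block and an array for several.
    $cidrs = foreach ($block in @($net.netBlocks.netBlock)) {
        '{0}/{1}' -f $block.startAddress.'$', $block.cidrLength.'$'
    }
    [pscustomobject]@{
        IPAddress   = $IPAddress
        Registry    = 'ARIN'
        Owner       = $ref.'@name'
        OwnerHandle = $ref.'@handle'
        NetName     = $net.name.'$'
        NetHandle   = $net.handle.'$'
        Range       = '{0} - {1}' -f $net.startAddress.'$', $net.endAddress.'$'
        CIDR        = $cidrs -join ', '
    }
}

function Get-ArinOwner {
    # Live lookup. The [ipaddress] type rejects anything that is not an IP literal.
    param([Parameter(Mandatory)] [ipaddress] $IPAddress)
    $uri   = "https://whois.arin.net/rest/ip/$IPAddress"
    $reply = Invoke-RestMethod -Uri $uri -Headers @{ Accept = 'application/json' }
    ConvertTo-WhoisRecord -IPAddress $IPAddress -Response $reply
}

# Offline run against the constructed sample above.
$record = ConvertTo-WhoisRecord -IPAddress '192.0.2.10' -Response ($sampleJson | ConvertFrom-Json)
$record | Format-List
```

Because the function returns an object rather than writing to the host, the same result can be piped to `Format-List` for ticket notes or to `Export-Csv` or `ConvertTo-Json` for a case file.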

Examples of the output are below.

getwhois.png

PowerShell output

getwhois_mxt.png

Screenshot of what a paste from MxToolbox would look like

 
