How To Query APNIC WHOIS With Powershell
Posted on February 16, 2021
- and tagged as
- powershell
I’m finding myself frequently needing to query APNIC for IP WHOIS data, and while I tend to always have a PowerShell prompt (or 17) open, I rarely have the APNIC site handy, so I thew together a little function that sits in my $Profile which hits the APNIC search endpoint and returns the WHOIS data for a given IP.
As we’re only querying APNIC this is going to work for Asia-Pacific based addresses.
Much like my custom ping function, I want to be able to paste in an IP, or a hostname/URL and have it work out the rest.
function Get-APNICWhois {
[CmdletBinding()]
Param (
[Parameter(Mandatory, ValueFromPipeline)]
[string]$Target,
[switch]$FullInfo = $false
)
try {
if ([IPAddress]$Target -eq ([IPAddress]$Target).IPAddressToString) {
$IP = $Target
}
}
catch {
$Domain = ([System.Uri]$Target).Host
if ($null -eq $Domain) { $Domain = $Target }
$IP = (Resolve-DnsName -Type A -Name $Domain).IPAddress
if ($IP.Count -gt 1) {
Write-Warning "More than 1 IP returned for DNS lookup, using first returned IP"
$IP = $IP | Select -First 1
}
}
Write-Host "Getting WHOIS data for $IP"
$Response = Invoke-RestMethod "https://wq.apnic.net/query?searchtext=$IP"
$WHOIS = @()
$Response | % {
if ($FullInfo -eq $true) {
if ($null -ne $_.attributes) {
$_.attributes | Add-Member -MemberType NoteProperty -Name Type -Value $_.objecttype
$WHOIS += $_.attributes
}
}
else {
if (($null -ne $_.attributes) -and ($_.objecttype -eq "inetnum")) {
$_.attributes | Add-Member -MemberType NoteProperty -Name Type -Value $_.objecttype
$WHOIS += $_.attributes
}
}
}
$WHOIS | select Type, Name, @{L = "Values"; E = { $_.Values -join [System.Environment]::NewLine } }
}Since we’re in the business of saving time, let’s alias that to something quicker to type.
New-Alias -Name apnic -Value Get-APNICWhoisHere are a few examples.
PS C:\> apnic 203.36.190.7
Getting WHOIS data for 203.36.190.7
Type name Values
---- ---- ------
inetnum inetnum 203.36.0.0 - 203.39.255.255
inetnum netname TELSTRAINTERNET10-AU
inetnum descr Telstra Internet
inetnum descr Locked Bag 5744
inetnum descr Canberra
inetnum descr ACT 2601
inetnum country AU
inetnum org ORG-TC6-AP
inetnum admin-c
inetnum tech-c
inetnum abuse-c AT1005-AP
inetnum status ALLOCATED PORTABLE
inetnum remarks -----
inetnum remarks All reports regarding SPAM or security breaches
inetnum remarks should be addressed to abuse@telstra.net
inetnum remarks ------
inetnum mnt-by
inetnum mnt-lower MAINT-AU-TIAR-AP
inetnum mnt-routes MAINT-AU-TIAR-AP
inetnum mnt-irt IRT-TELSTRA-AU
inetnum last-modified 2020-12-09T23:10:50Z
inetnum source APNICBy default, I only return the inetnum objects, but we can return all data with the -FullInfo switch.
PS C:\> apnic 203.36.190.7 -FullInfo
Getting WHOIS data for 203.36.190.7
Type name Values
---- ---- ------
inetnum inetnum 203.36.0.0 - 203.39.255.255
inetnum netname TELSTRAINTERNET10-AU
inetnum descr Telstra Internet
inetnum descr Locked Bag 5744
inetnum descr Canberra
inetnum descr ACT 2601
inetnum country AU
inetnum org ORG-TC6-AP
inetnum admin-c
inetnum tech-c
inetnum abuse-c AT1005-AP
inetnum status ALLOCATED PORTABLE
inetnum remarks -----
inetnum remarks All reports regarding SPAM or security breaches
inetnum remarks should be addressed to abuse@telstra.net
inetnum remarks ------
inetnum mnt-by
inetnum mnt-lower MAINT-AU-TIAR-AP
inetnum mnt-routes MAINT-AU-TIAR-AP
inetnum mnt-irt IRT-TELSTRA-AU
inetnum last-modified 9/12/2020 11:10:50 PM
inetnum source APNIC
irt irt IRT-TELSTRA-AU
irt address Telstra Internet
irt e-mail abuse@telstra.net
irt abuse-mailbox abuse@telstra.net
irt admin-c
irt tech-c
irt auth # Filtered
irt remarks abuse@telstra.net was validated on 2020-12-01
irt mnt-by
irt last-modified 1/12/2020 7:09:27 PM
irt source APNIC
organisation organisation ORG-TC6-AP
organisation org-name Telstra Corporation
organisation country AU
organisation address 242 Exhibition Street
organisation phone +61-3-0000-0000
organisation fax-no +61-3-0000-0000
organisation e-mail corporateaddressing@team.telstra.com
organisation mnt-ref APNIC-HM
organisation mnt-by
organisation last-modified 12/11/2020 12:56:17 PM
organisation source APNIC
role role ABUSE TELSTRAAU
role address Telstra Internet
role country ZZ
role phone +000000000
role e-mail abuse@telstra.net
role admin-c
role tech-c
role nic-hdl AT1005-AP
role remarks Generated from irt object IRT-TELSTRA-AU
role abuse-mailbox abuse@telstra.net
role mnt-by
role last-modified 26/05/2020 8:30:11 PM
role source APNIC
role role Telstra AU NOC
role address Telstra Internet
role address 242 Exhibition Street
role address Melbourne
role address VIC 3000
role country AU
role phone +61 0 0000 0000
role e-mail ipnoc-au@team.telstra.com
role admin-c
role tech-c
role nic-hdl TAN2-AP
role mnt-by
role last-modified 1/12/2020 1:22:05 AM
role source APNIC
person person Telstra Internet Address Registry
person address Telstra Internet
person address Locked Bag 5744
person address Canberra
person address ACT 2601
person country AU
person phone +61 000000000
person e-mail addressing@telstra.net
person nic-hdl TIAR-AP
person remarks Telstra Internet Address Registry Role Object
person mnt-by
person last-modified 30/10/2020 3:42:28 AM
person source APNIC
route route 203.36.0.0/14
route origin AS1221
route descr Telstra Corporation…
route mnt-by
route last-modified 11/12/2019 9:09:21 PM
route source APNICI also have a basic function that gets my current WAN IP address, this also sits in my $Profile.
function WANIP {
Invoke-RestMethod http://ifconfig.me/ip
}As the Get-APNICWhois function accepts pipeline input, we can pipe wanip output straight to it.
PS C:\> wanip | apnic
Getting WHOIS data for 27.33.194.12 # Not my actual IP 😅
Type name Values
---- ---- ------
inetnum inetnum 27.32.0.0 - 27.33.255.255
inetnum netname TPG-AU
inetnum descr TPG Internet Pty Ltd.
inetnum country AU
inetnum org ORG-TIPL2-AP
inetnum admin-c
inetnum tech-c
inetnum abuse-c AT937-AP
inetnum status ALLOCATED PORTABLE
inetnum remarks Australian Internet Service Provider (ISP)
inetnum remarks http://www.tpg.com.au
inetnum remarks --------------------------------------------------------
inetnum remarks To report network abuse, please contact mnt-irt
inetnum remarks For troubleshooting, please contact tech-c and admin-c
inetnum remarks Report invalid contact via www.apnic.net/invalidcontact
inetnum remarks --------------------------------------------------------
inetnum mnt-by
inetnum mnt-lower MAINT-AU-TPGCOM
inetnum mnt-irt IRT-TPGCOM-AU
inetnum last-modified 14/05/2020 11:17:49 AM
inetnum source APNICThat’s it, hope this is useful for others in the Asia Pacific region!