0

Am trying to implement a script to gather data on spammers.

I need to get informations from a whois request.

When doing (on Google Colaboratory) :

!pip install python-whois
import whois

whois.whois('sommeilautop.fr')

I get the following result :

{'creation_date': datetime.datetime(2020, 2, 14, 8, 24, 1),
 'domain_name': 'sommeilautop.fr',
 'emails': ['support@ovh.net',
  '7wxs650u2ah7ijs2bofo@i.o-w-o.info',
  'nic@nic.fr',
  'tech@ovh.net',
  'abuse@ovh.net'],
 'expiration_date': datetime.datetime(2021, 8, 1, 22, 8, 4),
 'name_servers': ['ns-cloud-c2.googledomains.com',
  'ns-cloud-c1.googledomains.com',
  'ns-cloud-c3.googledomains.com',
  'ns-cloud-c4.googledomains.com'],
 'registrar': 'OVH',
 'status': ['ACTIVE', 'not identified'],
 'updated_date': datetime.datetime(2020, 10, 30, 2, 2, 47)}

The owner of the domain is missing.

When I use a regular whois website (http://www.whois-raynette.fr/whois/sommeilautop.fr) to get informations about this domain I get :

domain: sommeilautop.fr
status: ACTIVE
hold: NO
holder-c: ANO00-FRNIC
admin-c: M148670-FRNIC
tech-c: OVH5-FRNIC
zone-c: NFC1-FRNIC
nsl-id: NSL22136-FRNIC
registrar: OVH
Expiry Date: 2021-08-01T22:08:04Z
created: 2020-02-14T08:24:01Z
last-update: 2020-10-30T02:02:47Z
source: FRNIC

ns-list: NSL22136-FRNIC
nserver: ns-cloud-c2.googledomains.com
nserver: ns-cloud-c1.googledomains.com
nserver: ns-cloud-c3.googledomains.com
nserver: ns-cloud-c4.googledomains.com
source: FRNIC

registrar: OVH
type: Isp Option 1
address: 2 Rue Kellermann
address: 59100 ROUBAIX
country: FR
phone: +33 8 99 70 17 61
fax-no: +33 3 20 20 09 58
e-mail: support@ovh.net
website: http://www.ovh.com
anonymous: NO
registered: 1999-10-21T12:00:00Z
source: FRNIC

nic-hdl: ANO00-FRNIC
type: PERSON
contact: Ano Nymous
remarks: -------------- WARNING --------------
remarks: While the registrar knows him/her,
remarks: this person chose to restrict access
remarks: to his/her personal data. So PLEASE,
remarks: don't send emails to Ano Nymous. This
remarks: address is bogus and there is no hope
remarks: of a reply.
remarks: -------------- WARNING --------------
registrar: OVH
changed: 2020-10-30T02:02:41Z anonymous@anonymous
anonymous: YES
obsoleted: NO
eligstatus: not identified
reachstatus: not identified
source: FRNIC

nic-hdl: M148670-FRNIC
type: ORGANIZATION
contact: Mesdevs
address: Mesdevs
address: 29 avenue du 8 mai 1945
address: 95200 SARCELLES
country: FR
phone: +33.629028027
e-mail: 7wxs650u2ah7ijs2bofo@i.o-w-o.info
registrar: OVH
changed: 2020-10-30T02:02:45Z nic@nic.fr
anonymous: NO
obsoleted: NO
eligstatus: not identified
reachstatus: not identified
source: FRNIC

nic-hdl: OVH5-FRNIC
type: ROLE
contact: OVH NET
address: OVH
address: 140, quai du Sartel
address: 59100 Roubaix
country: FR
phone: +33 8 99 70 17 61
e-mail: tech@ovh.net
trouble: Information: http://www.ovh.fr
trouble: Questions: mailto:tech@ovh.net
trouble: Spam: mailto:abuse@ovh.net
admin-c: OK217-FRNIC
tech-c: OK217-FRNIC
notify: tech@ovh.net
registrar: OVH
changed: 2006-10-11T08:41:58Z tech@ovh.net
anonymous: NO
obsoleted: NO
eligstatus: not identified
reachstatus: not identified
source: FRNIC

What am interested in is the ORGANIZATION contact and address.

Is there a way for me to gather this complete information with python ?

Arnaud
  • 141
  • 2
  • 9
  • It's open source, you can modify it to get the additional information. It has a custom parser for each TLD, and those are the only fields in `whoisFR()`. – Barmar Jul 02 '21 at 15:27
  • Thank you for your answer but I wouldn't know how to do it as am a python beginner. Modifying what ? The whois function ? I don't get it. Is there a tutorial somewhere on how to do that ? – Arnaud Jul 02 '21 at 15:32
  • For each TLD, there's a function that lists all the fields to extract and a regular expression to match them. It should be straightforward for you to add additional fields. It's in the file `parser.py`. – Barmar Jul 02 '21 at 15:34
  • See https://github.com/richardpenman/whois/blob/master/whois/parser.py#L802 – Barmar Jul 02 '21 at 15:34
  • Is there a way to declare and override a new whoisFR() function without modifying the initial parser.py file ? (am working on google colaboratory, so it's a online environment). – Arnaud Jul 02 '21 at 15:50
  • I don't think so, sorry. – Barmar Jul 02 '21 at 15:52

0 Answers0