0

I am quite new to PHP, and I am determined to make myself a tool about domain's information.

I ask the user to input the domain name, and afterwards I dig separate DNS records, such as A, NS, etc.

The issue that I am facing is that the whois command does not grep the output I need while using the variable from digging. Everything works if I put the IP value myself within the code.

Example, when it works:

$command = sprintf("whois %s | grep 'descr'", "141.136.44.163" );
$Host = shell_exec($command);

Output:

descr: Hostinger International Ltd. descr: HOSTINGER LT

When it does not work:

$outputA = shell_exec("dig +short a $Domain");
$command = sprintf("whois %s | grep 'descr'", $outputA );
$Host = shell_exec($command);

Output: OUTPUT IMAGE

Basically, it seems that the whois command is running and it works, although it is no longer grepping the 'descr'. The thing is that the output of echo $outputA and the manually written IP address is identical. Checked multiple times while doing the echo, it is literally the same. Would really appreciate your thoughts here, I was trying multiple different techniques to execute the command line.

For reference, my full code:

function dnsLookup() {
    $Domain = $_POST['DomainName'];
    echo "DNS records for domain:", $Domain;
    echo nl2br("\n\n\n\n", false);
    echo "NS records are:";
    $outputNS = shell_exec("dig +short ns $Domain");
    $outputA = shell_exec("dig +short a $Domain");
    $outputMX = shell_exec("dig +short mx $Domain");
    $outputTXT = shell_exec("dig +short txt $Domain");
    echo "<pre>$outputNS</pre>";
    echo nl2br("\n", false);
    echo "A records are:";
    echo "<pre>$outputA</pre>";
    echo nl2br("\n", false);
    echo "MX records are:";
    echo "<pre>$outputMX</pre>";
    echo nl2br("\n", false);
    echo "TXT records are:";
    echo "<pre>$outputTXT</pre>";
    $Registrar = shell_exec("whois $Domain | grep 'Registrar'");
    $command = sprintf("whois %s | grep 'descr'", $outputA );
    $Host = shell_exec($command);
    echo nl2br("\n", false);
    echo "Original domain's Registrar:";
    echo "<pre>$Registrar</pre>";
    echo "<pre>$Host</pre>";
}

Btw, I am using the post method in order to grab the domain name from the form within the website, and it is copied perfectly, since the above command line for grepping the "Registrar" with the domain name works great.

Please let me know, why the manually written IP address is acting differently comparing to variable.

Hoolis

2 Answers

1

Check the output text - it's different between IP and domain name. Registrant Name may not be what you're looking for, change the text after reviewing the output.

$ whois hostinger.com | grep "descr\|Registrant Name"
Registrant Name: GDPR Masked
$ whois 141.136.44.163 | grep 'descr'
descr:          Hostinger International Ltd.
descr:          HOSTINGER LT

Also, you need validation and escaping to protect your server from command-line injection:

<?php

$ip = '141.136.44.163';
$domain = 'hostinger.com';

dnsLookup($ip);    
dnsLookup($domain);
dnsLookup('garbage');

function dnsLookup($value) {
        // whether it is an IP address or a domain name, it must have a . to separate the digits or TLD
        if (strpos($value,'.') === false) die('Bad input');

        // validate, taking either a domain name or an IP address, returning false if neither
        $lookup = filter_var($value,FILTER_VALIDATE_DOMAIN,FILTER_FLAG_HOSTNAME|FILTER_NULL_ON_FAILURE) ??
                filter_var($value,FILTER_VALIDATE_IP,FILTER_NULL_ON_FAILURE) ?? false;

        // if the $value was invalid, die
        if ($lookup === false) die('Bad input');

        // do the lookup
        $Domain = escapeshellarg($lookup);
        echo "DNS records for domain:", $Domain;
        echo nl2br("\n\n\n\n", false);
        echo "NS records are:";
        $outputNS = shell_exec("dig +short ns $Domain");
        $outputA = shell_exec("dig +short a $Domain");
        $outputMX = shell_exec("dig +short mx $Domain");
        $outputTXT = shell_exec("dig +short txt $Domain");
        echo "<pre>$outputNS</pre>";
        echo nl2br("\n", false);
        echo "A records are:";
        echo "<pre>$outputA</pre>";
        echo nl2br("\n", false);
        echo "MX records are:";
        echo "<pre>$outputMX</pre>";
        echo nl2br("\n", false);
        echo "TXT records are:";
        echo "<pre>$outputTXT</pre>";
        $Registrar = shell_exec("whois $Domain | grep 'Registrar'");
        $command = sprintf("whois %s | grep 'descr\\|Registrant Name'", $outputA );
        $Host = shell_exec($command);
        echo nl2br("\n", false);
        echo "Original domain's Registrar:";
        echo "<pre>$Registrar</pre>";
        echo "<pre>$Host</pre>";
}
user2182349
  • Thank you for the validation part, really appreciate it! What I am trying to achieve, is by IP address, to check, to where exactly domain is pointing, a.k.a what hosting company. You can try inputting the IP address to the whois.com and you will see, that 'descr' is the one that shows the company name, at this moment hostinger. The issue is the same - When I write the IP manually, it works, when I take the IP address from the dig command of the domain, whois gives back an answer without 'grep'. I am using Registrant with the domain name, as with IP, I want to use 'descr' – Hoolis Jan 02 '22 at 21:32
  • You are trying to determine where a domain is hosted? – user2182349 Jan 02 '22 at 21:34
  • Correct, the Registrant part is used to determine where the domain was originally bought, where it is currently still located, where its billing cycle needs to be renewed, etc. As for the IP part, I want to find out where the domain is pointed (to what Hosting provider). Domain can be bought for example at GoDaddy, but hosted at Hostinger, etc. – Hoolis Jan 02 '22 at 21:38
  • My thought is that the A record, when it is dug and saved in the variable, acts differently compared to the manually written IP within the whois command, although the echo shows the same output, so no idea what is causing it. – Hoolis Jan 02 '22 at 21:41
  • Use this command `whois \`dig +short a cookies.com\` | grep OrgName` – user2182349 Jan 02 '22 at 21:47
  • Geralt solved the issue, as there was an empty space after the dig command, thank you for everything, proceeding to build my tool :) – Hoolis Jan 02 '22 at 21:50
1

You can check the length of your string ($outputA) with var_dump($outputA) and you'll find that there is one more white-char which is the reason.

The solution is simply sanitizing the string:

$correctIP  = trim($outputA);
Kaii
Geralt
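
Putting both answers together, as an added example that is not part of either answer: the newline that `dig` appends acts as a command separator in the shell, so `| grep 'descr'` is cut off from `whois`, and the same property is why DNS-supplied text must be validated and quoted before it reaches `shell_exec`. The helper names `parseDigAnswers` and `buildWhoisCommand` and the sample strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Turn raw `dig +short a` output into a list of validated IP addresses.
 * dig ends every answer line with "\n" and may print several lines
 * (CNAME targets, multiple A records); anything that is not an IP is dropped.
 * $raw is whatever shell_exec() returned (string, null or false).
 */
function parseDigAnswers($raw): array
{
    $ips = [];
    foreach (preg_split('/\R/', (string) $raw) as $line) {
        $line = trim($line);
        if (filter_var($line, FILTER_VALIDATE_IP) !== false) {
            $ips[] = $line;
        }
    }
    return $ips;
}

/** Build the whois pipeline for one already validated IP address. */
function buildWhoisCommand(string $ip): string
{
    return sprintf("whois %s | grep 'descr'", escapeshellarg($ip));
}

// Constructed sample: the value shell_exec("dig +short a ...") hands back,
// including the trailing newline that echo inside <pre> does not reveal.
$outputA = "141.136.44.163\n";

// The question's command: the newline ends the whois command early, so the
// shell runs whois unpiped and "| grep 'descr'" is left on its own line.
var_dump(sprintf("whois %s | grep 'descr'", $outputA));

// Constructed sample with a CNAME target ahead of the address record.
$withCname = "hosting.example.net.\n141.136.44.163\n";

// Fixed: one clean, quoted command per validated address.
foreach (parseDigAnswers($withCname) as $ip) {
    $command = buildWhoisCommand($ip);
    var_dump($command);
    // $Host = shell_exec($command); // requires whois and network access
}
```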