Reverse Whois

R

Romuloux

New member
Mar 29, 2012
15
0
0
Hi Guys,

This is my first real post on the WF forum. I searched but only found one thread from a year ago and it pointed to domain tools as the answer.

While I would love to do that, the report I want is $749.:repuke:

I am trying to make something that would perform a reverse whois, the programming involved appears straight forward, but I have not been able to find a whois database that would be easy to crawl.

Do any of you in this forum know of any?

Any help would be much appreciated.

Thanks
 


you won't find a whois db you can crawl, the data is heavily protected because of preventing spam abuse (crawling for all emails in the db to hit with spam blasts).
 
That makes sense, didn't think that one all the way through. How do all of the whois websites get access?
 
Verisign offers a service where you can download their entire db. Last time I checked it was free. It won't get you every tld, but it'll get you any they control.
 
crackp0t said:
Verisign offers a service where you can download their entire db. Last time I checked it was free. It won't get you every tld, but it'll get you any they control.
Click to expand...

Tried my hardest to find it, no luck. The reps that I spoke with from VeriSign were not terribly helpful either.

They both kept telling me that they can only provide a thin whois, when I asked how I could access this information, they reverted back to saying, we only provide a thin whois. Went around in circles for a while then I just gave up.

Thanks for the tip though.
 
Last edited:
Romuloux said:
Tried my hardest to find it, no luck. The reps that I spoke with from VeriSign were not terribly helpful either.

They both kept telling me that they can only provide a thin whois, when I asked how I could access this information, they reverted back to saying, we only provide a thin whois. Went around in circles for a while then I just gave up.

Thanks for the tip though.
Click to expand...

search for zone file databases. There are a couple of different sources for them

Here's the most common source of them: http://www.premiumdrops.com/zones.html
 
Verisign don't allow you to download their entire database. What they do do though, is allow you access to the zone files for the TLDs they manage (.com, .net, etc.). Zone file access requires you to contact them and ask for permission to access it, though as long as you don't hit their servers too often and don't do anything obviously nefarious, they'll give you access. Zone files only provide a list of DNS records though, so the zone files won't contain any domains that have no DNS records. Usually you won't care about those though. If you want actual whois information, you have to hit the verisign-grs whois server at whois.verisign-grs.com on port 43 using a tcp client. Doing so allows you to request the whois record for a given domain, but it does employ rate limiting against your IP address, so you'll need a few SOCKS proxies to get a decent number of whois records. There is no way, as best I can tell, to get a complete, reliable list of all domains that are currently registered. The zone files are the closest you'll get to that, seeing as most domains usually have at least one DNS entry.
 
I forgot which server I had this on, otherwise I'd have responded earlier.

I've got 255,264,740 full whois records from 2011 totaling 385gigs.

Total pain in the ass to get.
 
NathanRidley said:
Why didn't you just hit the verisign-grs whois server directly?
Click to expand...

Verisign only gives you first level whois. You do a request to them to find the second level whois server which contains all the data. For example:

[root@mini ~]# whois -n google.com
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to InterNIC | The Internet's Network Information Center
for detailed information.

Domain Name: GOOGLE.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Status: serverDeleteProhibited
Status: serverTransferProhibited
Status: serverUpdateProhibited
Updated Date: 20-jul-2011
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2020

>>> Last update of whois database: Thu, 10 May 2012 09:09:42 UTC <<<


There is little to no juicy information there.
 
Sure, but that of course then begs the question, why not then use the referred whois server? Is it just a case of variable rate limits?

Also, may I ask how many proxies you were using to obtain all of this?
 
Jason - he said that there is little to no juicy information in the Verisign whois record. The actual referred server, e.g. whois.markmonitor.com in his example, would be a different story I'd assume, and this wouldn't require CAPTCHA solving.
 
NathanRidley said:
Jason - he said that there is little to no juicy information in the Verisign whois record. The actual referred server, e.g. whois.markmonitor.com in his example, would be a different story I'd assume, and this wouldn't require CAPTCHA solving.
Click to expand...

Whois wickedfire.com (it's on Godaddy) ~20 times and you'll get pushed over to their website. Go through the web interface ~5-10 times and you'll be asked for a CAPTCHA.
 
You must log in or register to reply here.
Top Bottom
Back