ipwhois

The ipwhois tool retrieves and parses WHOIS and RDAP information for IPv4 and IPv6 addresses, as well as domain names, within automated security workflows. It provides insights such as ASN lookups, network details, contact information, and registrar data, enabling comprehensive reconnaissance during security assessments.

Ideal Use Cases & Fit

This tool is ideal for scenarios requiring detailed information about IP addresses or domains, such as:

  • Network reconnaissance during penetration testing to gather intelligence on target infrastructure.
  • Verifying ownership or registration details of domains as part of threat analysis.
  • Automating data collection for compliance audits involving IP address allocations.

It may not be suitable for contexts where real-time updates are critical, or when non-static domains/addresses are involved.

Value in Workflows

Integrating ipwhois into security workflows enhances the early reconnaissance phase, allowing workflow builders to automate the collection of essential IP and domain intelligence. This capability supports more informed decision-making later in workflows, contributing to an overall reduction in manual effort and increased accuracy in threat assessments.

Input Data

The tool expects input data in the format of newline-separated IP addresses or domain names. This input must be provided as a file and is a required field.

Example:

8.8.8.8
1.1.1.1
vulnweb.com
google.com
2001:4860:4860::8888
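
A pre-flight check for an input file in this format, as an added example that is not part of the ipwhois tool or this platform: it classifies each line, and sets aside malformed entries, duplicates and special-purpose addresses that are not allocated to any organisation. The names `classify`, `prepare_targets` and `SAMPLE` are hypothetical, and filtering non-global addresses before the lookup is an assumption about what a workflow builder would want.

```python
import ipaddress
import re

# Constructed sample: the page's example input plus three lines a pre-flight check should catch.
SAMPLE = ("8.8.8.8\n1.1.1.1\nvulnweb.com\ngoogle.com\n"
          "2001:4860:4860::8888\n10.0.0.5\n8.8.8.8\nnot a host\n")

# One DNS label: 1-63 characters, letters/digits/hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify(entry):
    """Return 'ipv4', 'ipv6', 'domain', 'non-global' or 'invalid' for one entry."""
    try:
        ip = ipaddress.ip_address(entry)
    except ValueError:
        ip = None
    if ip is not None:
        # Private, loopback, link-local and similar ranges are not allocated to a registrant.
        if not ip.is_global:
            return "non-global"
        return "ipv4" if ip.version == 4 else "ipv6"
    labels = entry.rstrip(".").split(".")
    well_formed = len(entry) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)
    # An all-numeric last label means a malformed IP such as 999.1.1.1, not a domain.
    if well_formed and not labels[-1].isdigit():
        return "domain"
    return "invalid"


def prepare_targets(text):
    """Split newline-separated input into (accepted, rejected) lists."""
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip().lower()
        if not entry:
            continue  # blank lines are ignored
        kind = classify(entry)
        if kind in ("invalid", "non-global"):
            rejected.append((lineno, entry, kind))
        elif entry in seen:
            rejected.append((lineno, entry, "duplicate"))
        else:
            seen.add(entry)
            accepted.append((entry, kind))
    return accepted, rejected
```

Writing the accepted entries back out one per line gives a file in the format described above; the rejected list keeps the original line numbers so the source of each bad entry can be traced.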

Configuration

  • lookup-method: Specifies the method for lookups, allowing the choice between modern RDAP and legacy WHOIS protocols.
  • timeout: Defines the default duration for socket connections to prevent hanging queries.
  • retry-count: Sets the number of retries on socket errors or timeouts to ensure data retrieval robustness.
  • depth: Determines the number of levels deep to execute RDAP queries for additional referenced objects.
  • inc-raw: Controls whether raw WHOIS/RDAP results are included in the output, providing more comprehensive data.
  • get-referral: Allows retrieval of additional WHOIS referral information if available for legacy queries.
  • inc-nir: Enables National Internet Registry lookups, enhancing data completeness for specific regions.
  • proxy-url: Designates an HTTP proxy for RDAP queries, aiding in environments where direct access to the internet is restricted.
  • silent: Suppresses console output during execution, useful for automated processes where output clutter needs to be minimized.

Updated: 2026-01-21