Table: whois_domain - Query Whois Domains using SQL
Whois is a protocol that is used to query databases that store the registered users or assignees of an Internet resource, such as a domain name or an IP address block. It provides information related to the registration and ownership of a domain name. This includes details about the registrant, administrative, billing and technical contacts.
Table Usage Guide
The `whois_domain` table provides insights into domain names within the Whois protocol. As a security analyst, explore domain-specific details through this table, including registration, ownership, and associated metadata. Utilize it to uncover information about domains, such as their registrant details, administrative contacts, and the status of the domain.
Important Notes
- It's not practical to list all domains in the world, so this table requires a `domain` qualifier to be passed in the `where` or `join` clause for all queries.
Examples
Basic whois info
```sql
select
  domain,
  expiration_date
from
  whois_domain
where
  domain = 'steampipe.io';
```
Days until expiration
PostgreSQL:

```sql
select
  domain,
  expiration_date,
  date_part('day', expiration_date - current_date) as days_until_expiration
from
  whois_domain
where
  domain = 'steampipe.io';
```

SQLite:

```sql
select
  domain,
  expiration_date,
  julianday(expiration_date) - julianday(date('now')) as days_until_expiration
from
  whois_domain
where
  domain = 'steampipe.io';
```
Get name server information
```sql
select
  domain,
  name_servers
from
  whois_domain
where
  domain = 'steampipe.io';
```
Check domain status codes
Commonly used protections:
```sql
select
  domain,
  client_delete_prohibited,
  client_transfer_prohibited,
  client_update_prohibited,
  server_delete_prohibited,
  server_transfer_prohibited,
  server_update_prohibited
from
  whois_domain
where
  domain = 'steampipe.io';
```
Check for any EPP status code:
PostgreSQL:

```sql
select
  domain,
  status,
  status ? 'pendingtransfer' as pending_transfer
from
  whois_domain
where
  domain = 'steampipe.io';
```

SQLite:

```sql
select
  domain,
  status,
  json_extract(status, '$.pendingtransfer') as pending_transfer
from
  whois_domain
where
  domain = 'steampipe.io';
```
Contact information
PostgreSQL:

```sql
select
  domain,
  jsonb_pretty(admin) as admin,
  jsonb_pretty(billing) as billing,
  jsonb_pretty(registrant) as registrant,
  jsonb_pretty(technical) as technical
from
  whois_domain
where
  domain = 'steampipe.io';
```

SQLite:

```sql
select
  domain,
  admin,
  billing,
  registrant,
  technical
from
  whois_domain
where
  domain = 'steampipe.io';
```
Registrar managing the domain
PostgreSQL:

```sql
select
  domain,
  registrar ->> 'name' as registrar
from
  whois_domain
where
  domain = 'steampipe.io';
```

SQLite:

```sql
select
  domain,
  json_extract(registrar, '$.name') as registrar
from
  whois_domain
where
  domain = 'steampipe.io';
```
Working with multiple domains
```sql
select
  domain,
  expiration_date
from
  whois_domain
where
  domain in (
    'github.com',
    'google.com',
    'steampipe.io',
    'yahoo.com'
  );
```
Implementation notes
- Automatically retries with backoff. WHOIS servers are fussy with throttling.
- May return partial results: some WHOIS servers return domain info but throttle or skip contact information.
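The columns queried above can be combined into a single expiry and registrar-lock audit over a domain portfolio. This is an added example in PostgreSQL syntax, not part of the plugin's own documentation; the 60-day threshold, the result labels, and the assumption that throttled contact data surfaces as NULL, `{}` or JSON `null` are illustrative choices.

```sql
-- Added example: expiry and lock audit for several domains at once.
-- Domain names are the ones used elsewhere on this page.
with portfolio as (
  select
    domain,
    expiration_date,
    date_part('day', expiration_date - current_date) as days_until_expiration,
    client_transfer_prohibited,
    client_update_prohibited,
    client_delete_prohibited,
    dns_sec,
    registrar ->> 'name' as registrar,
    status ? 'pendingtransfer' as pending_transfer,
    registrant
  from
    whois_domain
  where
    domain in ('github.com', 'google.com', 'steampipe.io', 'yahoo.com')
)
select
  domain,
  registrar,
  days_until_expiration,
  case
    -- Partial WHOIS answers may omit the date; report that, do not pass it.
    when expiration_date is null then 'unknown: no expiration date returned'
    when days_until_expiration < 60 then 'alarm: expires within 60 days'
    else 'ok'
  end as expiry_check,
  case
    when pending_transfer then 'alarm: transfer pending'
    when client_transfer_prohibited is not true then 'alarm: no transfer lock'
    when client_update_prohibited is not true
      or client_delete_prohibited is not true then 'warn: partial lock'
    else 'ok'
  end as lock_check,
  dns_sec,
  -- Assumption: throttled contact data shows up as NULL, {} or JSON null.
  coalesce(registrant, '{}'::jsonb) in ('{}'::jsonb, 'null'::jsonb)
    as contact_info_missing
from
  portfolio
order by
  days_until_expiration nulls last;
```

A row with `contact_info_missing` set to true is more likely a throttled lookup than a real change of ownership, so re-query it before treating it as a finding.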
Schema for whois_domain
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
admin | jsonb | | Administrative contact information. |
billing | jsonb | | Billing contact information. |
client_delete_prohibited | boolean | | This status code tells your domain's registry to reject requests to delete the domain. |
client_transfer_prohibited | boolean | | This status code tells your domain's registry to reject requests to transfer the domain from your current registrar to another. |
client_update_prohibited | boolean | | This status code tells your domain's registry to reject requests to update the domain. |
created_date | timestamp with time zone | | Date when the domain was first registered. |
dns_sec | boolean | | True if the domain has enabled DNSSEC. |
domain | text | = | Domain name the WHOIS information relates to. |
domain_extension | text | | Extension of the domain. |
domain_id | text | | Unique identifier for the domain. |
domain_punycode | text | | Punycode ASCII variation of the Unicode domain name. |
expiration_date | timestamp with time zone | | Expiration date for the domain. |
name_servers | jsonb | | List of name servers for the domain. |
registrant | jsonb | | Registrant contact information. |
registrar | jsonb | | Registrar contact information. |
server_delete_prohibited | boolean | | This status code prevents your domain from being deleted. clientdeleteprohibited is more commonly used. |
server_transfer_prohibited | boolean | | This status code prevents your domain from being transferred from your current registrar to another. clienttransferprohibited is more commonly used. |
server_update_prohibited | boolean | | This status code locks your domain preventing it from being updated. clientupdateprohibited is more commonly used. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | jsonb | | Extensible Provisioning Protocol (EPP) status codes set on the domain. Common status codes (e.g. client_transfer_prohibited) are also elevated to column level. A full list is available at https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en |
technical | jsonb | | Technical contact information. |
updated_date | timestamp with time zone | | Last date when the domain record was updated. |
whois_server | text | | WHOIS server that manages the domain. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- whois
```
You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_whois --config '<your_config>' whois_domain
```