WhoisDB

The WhoisDB dataset is a single - MaxMindDB database that contains public record containing registration details for IP addresses.

It includes information such as the registrant's name and contact details, the registrar, and registration and expiration dates.

Whois data can be found on Shodan UI website:

Note

Whois data can be accessed directly by https://www.shodan.io/host/{ip_address}/whois

Example: https://www.shodan.io/host/1.1.1.1/whois

Quickstart

You will be required to install MaxmindDB utilities to use the database.

1. Install the Shodan command-line interface (CLI) & MaxmindDB:

   pip install --user shodan
   
   # Install the Python MaxMind reader
   pip install --user maxminddb

2. Initialize the CLI using your Shodan API key. You can get your API key from the Shodan account website:

   shodan init API_KEY

3. Download the file:

   shodan data download whoisdb whois.mmdb.zst

4. Rename and uncompress the file:

   mv whoisdb-whois.mmdb.zst whois.mmdb.zst

5. Uncompress ZSTD file:

   Install zstd (only once)

   Ubuntu, Debian:

   apt install zstd

   MacOSX:

   brew install zstd

   Build from source: https://github.com/facebook/zstd/releases

   ---

   Uncompress file

   unzstd whois.mmdb.zst

Tip

Use aria2c to speed up the download.

Example

Query whois information for IP 1.1.1.1

Python

The MMDB file can then be queried using Python or any programming language that supports MaxMind Reader:

# pip install maxminddb
import maxminddb, sys, json

with maxminddb.open_database('whoisdb.mmdb') as reader:
    ip = sys.argv[1] if len(sys.argv) > 1 else '1.1.1.1'
    record = reader.get(ip)
    print(json.dumps(record, indent=2, ensure_ascii=False))

python3 whois_query.py 1.1.1.1

Command line

Alternatively, you can use the command-line tool mmdblookup

Installation guideline

mmdblookup --file whoisdb.mmdb --ip 1.1.1.1

Sample Record

{
    "admin": [
        {
            "handle": "AIC3-AP",
            "name": "APNICRANDNET Infrastructure Contact",
            "address": "6 Cordelia St South Brisbane QLD 4101",
            "phone": "+61 7 3858 3100",
            "fax": null,
            "email": [
                "research@apnic.net"
            ]
        }
    ],
    "tech": [
        {
            "handle": "AIC3-AP",
            "name": "APNICRANDNET Infrastructure Contact",
            "address": "6 Cordelia St South Brisbane QLD 4101",
            "phone": "+61 7 3858 3100",
            "fax": null,
            "email": [
                "research@apnic.net"
            ]
        }
    ],
    "abuse": [
        {
            "handle": "IRT-APNICRANDNET-AU",
            "name": "IRT-APNICRANDNET-AU",
            "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
            "phone": null,
            "fax": null,
            "email": [
                "helpdesk@apnic.net"
            ]
        }
    ],
    "org": [
        {
            "handle": "ORG-ARAD1-AP",
            "name": "APNIC Research and Development",
            "address": "6 Cordelia St",
            "phone": "+61-7-38583100",
            "fax": "+61-7-38583199",
            "email": [
                "helpdesk@apnic.net"
            ]
        }
    ],
    "routing": [],
    "noc": [],
    "dns": [],
    "prefix": "1.1.1.0/24",
    "name": "APNIC-LABS",
    "type": "ASSIGNED PORTABLE",
    "status": [
        "active"
    ],
    "asn": [],
    "country": "AU",
    "description": null,
    "remarks": null,
    "handle": "1.1.1.0 - 1.1.1.255",
    "parent_handle": null,
    "registration": "2011-08-10T23:12:35Z",
    "last_updated": "2023-04-26T22:57:58Z"
}

Useful Links

• MaxMindDB: https://maxmind.github.io/MaxMind-DB/
• Python module for MaxmindDB Reader: https://github.com/maxmind/GeoIP2-python
• ZSTD Compression: https://github.com/facebook/zstd