Python for programmers and ethics

Chapter 1: Information Gathering:

How to Get Domain Name Information in Python
Learn how to validate domain names using WHOIS, as well as
getting domain name information such as domain registrar, creation
date, expiration date and more in Python.

A domain name is a string identifying a network domain; it represents an IP

resource, such as a server hosting a website or just a computer accessing
the Internet.

In simple terms, what we know as the domain name is the address of your
website that people type in the browser URL to visit.

In this tutorial, we will use the whois library in Python to validate domain
names and retrieve various domain information such as creation and
expiration date, domain registrar, address and country of the owner, and
more.

If you want to extract DNS info about a particular domain, then this tutorial is
for you.

To get started, let's install the library:

pip3 install python-whois

WHOIS is a query and response protocol that is often used for querying
databases that store registered domain names. It stores and delivers the
content in a human-readable format. whois library simply queries a
WHOIS server directly instead of going through an intermediate web service.

There is also a simple whois command in Linux to extract domain info, but
since we're Python developers, then we'll be using Python for this.

Validating Domain Names

In this section, we'll use whois to tell whether a domain name exists and is
registered, the below function does that:

import whois # pip install python-whois

def is_registered(domain_name):
 """

A function that returns a boolean indicating

whether a `domain_name` is registered

"""

try:

w = whois.whois(domain_name)

except Exception:

return False

else:

return bool(w.domain_name)

whois.whois() function raises an exception for domains that don't exist and
may return without raising any exception even if the domain isn't registered,
that is why we check whether domain_name exists, let's test this function:

# list of registered & non registered domains to test our function

domains = [

"thepythoncode.com",

"google.com",

"github.com",

"unknownrandomdomain.com",

"notregistered.co"

# iterate over domains

for domain in domains:

print(domain, "is registered" if is_registered(domain) else "is not

registered")

We have defined some known domains and others that don't exist. Here is
the output:

thepythoncode.com is registered
google.com is registered

github.com is registered

unknownrandomdomain.com is not registered

notregistered.co is not registered

Awesome, in the next section, we'll see how to get various useful information
about domain names.

Getting Domain WHOIS Information

It is pretty straightforward to use this library, we just pass the domain name
to the whois.whois() function:

import whois

# test with Google domain name

domain_name = "google.com"

if is_registered(domain_name):

whois_info = whois.whois(domain_name)

Now to get the domain registrar (the company that manages the reservation
of domain names), we simply access the attribute registrar:

# print the registrar

print("Domain registrar:", whois_info.registrar)

Getting the WHOIS server:

# print the WHOIS server

print("WHOIS server:", whois_info.whois_server)

Domain creation and expiration date:

# get the creation time

print("Domain creation date:", whois_info.creation_date)

# get expiration date

print("Expiration date:", whois_info.expiration_date)

Output:
Domain registrar: MarkMonitor Inc.

WHOIS server: whois.markmonitor.com

Domain creation date: 1997-09-15 04:00:00

Expiration date: 2028-09-14 04:00:00

To see other various WHOIS information such as name servers, country, city,
state, address, etc, just print whois_info:

# print all other info

print(whois_info)

Conclusion

There you have it! You just learned the easiest and quickest way to get
domain name information in Python. Check python-whois Github repository.

How to Perform Reverse DNS Lookups Using

Python
Learn how to perform reverse DNS lookups and find other websites hosted on
the same server using Python and the ViewDNS API. Perfect for network
administrators and cybersecurity professionals.

In this tutorial, I'll walk you through performing reverse DNS lookups and
identifying other websites hosted on the same server using Python.

DNS, or Domain Name System, translates human-readable domain names

(like www.guardyk.com) into machine-readable IP addresses, enabling web
browsers to locate and connect to the correct web servers to load websites.

Essentially, if we manage to stumble upon an IP address we're not really sure

of and want to see the domain and other websites on the same server, the
program we're about to build will help us with that.

Note: All websites hosted on the same server have the same IP address.
Think of a server as your mobile phone. The various websites on a server are
just like the apps on your phone - on the same device.

This program can be useful for network administrators, cybersecurity

professionals, or anyone interested in understanding server relationships.
The importance of information gathering (in all aspects of life and not just
tech) cannot be overemphasized. Now, let's get into it.
Prerequisites

 Python 3 installed on your computer.

 An API key from ViewDNS. You can get it here. The free version is okay
to follow along. I'll explain more later on.

Installing Required Libraries

We will use the argparse, ipaddress, socket, and requests libraries. If you
don't have the requests library installed, you can install it using pip:

$ pip install requests

Copy

The others are pre-installed with Python. The uses of the above packages (as
related to this program) include:

 argparse: For parsing command-line arguments.

 ipaddress: For validating IP addresses.

 socket: To perform the reverse IP lookup.

 requests: For making HTTP requests.

Writing the Script

Open up a new Python file, name it meaningfully like reverse_lookup.py and

include the following code:

import argparse

import ipaddress

import socket

import requests

API_KEY = "Your-Api-Key-Here" # Replace with your ViewDNS API key

# Function to Check if IP address is valid.

def is_valid_ip(ip):

try:

ipaddress.ip_address(ip)
 return True

except ValueError:

return False

Copy

We started by importing the necessary libraries, specifying our API key, and
creating a function to check if an IP Address is valid. The ip_address() method
from the ipaddress module takes an IP address and checks if it is a valid ipv4
or ipv6 IP Address.

Related: How to Manipulate IP Addresses in Python using ipaddress Module.

Next, we create a function to perform IP address reverse lookup using

sockets:

# Perform reverse look up.

def reverse_lookup(ip):

try:

domain = socket.gethostbyaddr(ip)[0]

return domain

except socket.herror:

return None

Copy

The highlight of this function is the gethostbyaddr() method from

the socket module. It essentially takes an IP address and returns the
associated domain (by specifying the index [0]).

Next, we create a function to get all other websites on the same server as
our target domain. For this, we'll use the ViewDNS API. ViewDNS is an online
service providing various DNS-related tools and APIs for querying domain and
IP address information.

So we'll create another function for that:

# Get websites on same server.

def get_websites_on_server(ip):
 url = f"https://api.viewdns.info/reverseip/?
host={ip}&apikey={API_KEY}&output=json"

response = requests.get(url)

if response.status_code == 200:

data = response.json()

if "response" in data and "domains" in data["response"]:

websites = data["response"]["domains"]

return websites

return []

Copy

The get_websites_on_server() function retrieves a list of websites hosted on

the same server as a given IP address by querying the ViewDNS API. It
constructs the API URL with the provided IP and API key, makes an HTTP GET
request, and, if successful, parses the JSON response to extract and return
the list of domains. If the response fails or doesn't contain the expected data,
it returns an empty list.

Finally, we create a main function to collect user arguments

using argparse and handle the program execution:

# Get user arguments and execute.

def main():

parser = argparse.ArgumentParser(description="Perform IP reverse

lookup.")

parser.add_argument("ips", nargs="+", help="IP address(es) to perform

reverse lookup on.")

parser.add_argument("--all", "-a", action="store_true", help="Print all

other websites on the same server.")

args = parser.parse_args()

for ip in args.ips:

if not is_valid_ip(ip):

print(f"[-] Invalid IP address: {ip}")

 continue

domain = reverse_lookup(ip)

if domain:

print(f"[+] IP: {ip}, Domain: {domain}")

if args.all:

websites = get_websites_on_server(ip)

if websites:

print("\nOther websites on the same server:")

for website in websites:

print(f"[+] {website}")

print('\n')

else:

print("[-] No other websites found on the same server.")

else:

print(f"[-] No domain found for IP: {ip}")

if __name__ == "__main__":

main()

Copy

The main function parses command-line arguments, validates and performs

reverse DNS lookups on provided IPs, and if the --all flag is set, retrieves, and
lists other websites hosted on the same server.

That's it. Let's run our program.

Running our Program

Please do not forget to include your API key before running the program.

To run the program (with all functionalities):

$ python reverse_lookup.py [IP Address] --all

Copy

Result:

[+] IP: 99.99.99.99, Domain: ec2-99-99-99-99.compute-1.amazonaws.com

Other websites on the same server:

[+] {'name': 'lowe-crawford.org', 'last_resolved': '2024-06-15'}

[+] {'name': 'butler.info', 'last_resolved': '2024-06-19'}

[+] {'name': 'lozano.com', 'last_resolved': '2024-06-19'}

[+] {'name': 'bell.com', 'last_resolved': '2024-06-15'}

[+] {'name': 'johnson.info', 'last_resolved': '2024-06-19'}

Copy

For security purposes, I'm sharing a hypothetical IP address, and the

resulting domains are randomly generated, but you can run it on your IP to
see for yourself!

That's it. Please remember that the --all flag is optional. If you just want a
reverse lookup without checking other websites on the same server, you can
exclude the flag.

Also, you can specify as many IP addresses as you want. Just separate them
with spaces:

$ python reverse_lookup.py [IP Address 1] [IP Address 2]

Copy

I hope they don't send The Undertaker after us!

Conclusion

In this tutorial, you learned how to perform reverse DNS lookups and identify
other websites hosted on the same server using Python. By leveraging
the ViewDNS API, you can gain insights into server relationships and
potentially discover more about the infrastructure behind the IP addresses
you're investigating.