How to use IP address with whois, after digging it using shell_exec PHP?

Time:01-03

I am quite new to PHP, and I am determined to make myself a tool about domain's information.

I ask the user to input the domain name, and afterwards I dig separate DNS records, such as A, NS, etc.

The issue that I am facing is that the whois command does not grep the output I need while using the variable from digging. Everything works if I put the IP value myself within the code.

Example, when it works:

$command = sprintf("whois %s | grep 'descr'", "141.136.44.163" );
$Host = shell_exec($command);

Output:

descr: Hostinger International Ltd.
descr: HOSTINGER LT

When it does not work:

$outputA = shell_exec("dig +short a $Domain");
$command = sprintf("whois %s | grep 'descr'", $outputA );
$Host = shell_exec($command);

Output: OUTPUT IMAGE

Basically, it seems that the whois command is running and it works, although it is no longer grepping the 'descr'. The thing is that the output of echo $outputA and the manually written IP address are identical. I checked multiple times while doing the echo, and it is literally the same. I would really appreciate your thoughts here; I was trying multiple different techniques to execute the command line.

For reference, my full code:

function dnsLookup() {
$Domain = $_POST['DomainName'];
echo "DNS records for domain:", $Domain;
echo nl2br("\n\n\n\n", false);
echo "NS records are:";
$outputNS = shell_exec("dig +short ns $Domain");
$outputA = shell_exec("dig +short a $Domain");
$outputMX = shell_exec("dig +short mx $Domain");
$outputTXT = shell_exec("dig +short txt $Domain");
echo "<pre>$outputNS</pre>";
echo nl2br("\n", false);
echo "A records are:";
echo "<pre>$outputA</pre>";
echo nl2br("\n", false);
echo "MX records are:";
echo "<pre>$outputMX</pre>";
echo nl2br("\n", false);
echo "TXT records are:";
echo "<pre>$outputTXT</pre>";
$Registrar = shell_exec("whois $Domain | grep 'Registrar'");
$command = sprintf("whois %s | grep 'descr'", $outputA );
$Host = shell_exec($command);
echo nl2br("\n", false);
echo "Original domain's Registrar:";
echo "<pre>$Registrar</pre>";
echo "<pre>$Host</pre>";
}

Btw, I am using the POST method in order to grab the domain name from the form within the website, and it is copied perfectly, since the above command line for grepping the "Registrar" with the domain name works great.

Please let me know why the manually written IP address is acting differently compared to the variable.

CodePudding user response:

You can check the length of your string ($outputA) with var_dump($outputA) and you'll find that there is one more white-char which is the reason.

The solution is simply sanitizing the string: $correctIP=substr($outputA,0,-1);

CodePudding user response:

Check the output text - it's different between IP and domain name. Registrant Name may not be what you're looking for, change the text after reviewing the output.

$ whois hostinger.com | grep "descr\|Registrant Name"
Registrant Name: GDPR Masked
$ whois 141.136.44.163 | grep 'descr'
descr:          Hostinger International Ltd.
descr:          HOSTINGER LT

Also, you need validation and escaping to protect your server from command-line injection.

<?php

$ip = '141.136.44.163';
$domain = 'hostinger.com';

dnsLookup($ip);    
dnsLookup($domain);
dnsLookup('garbage');

function dnsLookup($value) {
        // whether it is an IP address or a domain name, it must have a . to separate the digits or TLD
        if (strpos($value,'.') === false) die('Bad input');

        // validate, taking either a domain name or an IP address, returning false if neither
        $lookup = filter_var($value,FILTER_VALIDATE_DOMAIN,FILTER_FLAG_HOSTNAME|FILTER_NULL_ON_FAILURE) ??
                filter_var($value,FILTER_VALIDATE_IP,FILTER_NULL_ON_FAILURE) ?? false;

        // if the $value was invalid, die
        if ($lookup === false) die('Bad input');

        // do the lookup
        $Domain = escapeshellarg($lookup);
        echo "DNS records for domain:", $Domain;
        echo nl2br("\n\n\n\n", false);
        echo "NS records are:";
        $outputNS = shell_exec("dig +short ns $Domain");
        $outputA = shell_exec("dig +short a $Domain");
        $outputMX = shell_exec("dig +short mx $Domain");
        $outputTXT = shell_exec("dig +short txt $Domain");
        echo "<pre>$outputNS</pre>";
        echo nl2br("\n", false);
        echo "A records are:";
        echo "<pre>$outputA</pre>";
        echo nl2br("\n", false);
        echo "MX records are:";
        echo "<pre>$outputMX</pre>";
        echo nl2br("\n", false);
        echo "TXT records are:";
        echo "<pre>$outputTXT</pre>";
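        $Registrar = shell_exec("whois $Domain | grep 'Registrar'");
        // dig output ends with a newline and may hold several lines:
        // keep the first line, trimmed, and use it only if it is an IP address
        $firstA = filter_var(trim((string) strtok((string) $outputA, "\n")), FILTER_VALIDATE_IP);
        $Host = '';
        if ($firstA !== false) {
                $command = sprintf("whois %s | grep 'descr\\|Registrant Name'", escapeshellarg($firstA));
                $Host = shell_exec($command);
        }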
        echo nl2br("\n", false);
        echo "Original domain's Registrar:";
        echo "<pre>$Registrar</pre>";
        echo "<pre>$Host</pre>";
}
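
An added example, not part of either answer above or of the asker's code: it shows why the trailing newline from `dig +short` breaks the `whois ... | grep` pipeline, and how to turn the raw dig output into validated, shell-escaped arguments whether it holds one line or several. The function names `parseDigShort` and `whoisCommand` are hypothetical, and the sample dig output is constructed.

```php
<?php
/**
 * Extract validated IP addresses from raw `dig +short` output.
 * Lines that are not IP addresses (for example CNAME targets) are skipped.
 * $raw is whatever shell_exec() returned: a string, null or false.
 */
function parseDigShort($raw): array
{
    $ips = [];
    // Split on any newline style; shell_exec output ends with "\n".
    foreach (preg_split('/\R/', (string) $raw, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $candidate = trim($line);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            $ips[] = $candidate;
        }
    }
    return $ips;
}

/** Build the whois pipeline for one IP, validating and escaping it first. */
function whoisCommand(string $ip): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    return sprintf("whois %s | grep 'descr'", escapeshellarg($ip));
}

// Constructed sample of what shell_exec("dig +short a ...") can return:
// a CNAME target line, two address lines and the trailing newline.
$sample = "www.example.net.\n141.136.44.163\n192.0.2.10\n";

// The question's command with the untrimmed value: the newline ends the
// whois command, so whois runs unfiltered and "| grep 'descr'" is left
// on a line of its own instead of being piped to.
$broken = sprintf("whois %s | grep 'descr'", "141.136.44.163\n");
var_dump($broken);

// One clean command per validated address; pass each to shell_exec().
foreach (parseDigShort($sample) as $ip) {
    echo whoisCommand($ip), PHP_EOL;
}
```

Unlike `substr($outputA, 0, -1)`, this also copes with output that has several lines, no trailing newline, or no address at all.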