whoprompt

Submitted by rogueclown on Sat, 12/25/2010 - 05:45

i've been batting around in my head the idea of blogging about the random bits of tech knowledge i learn along the way, or computer-related things i do. that way, i can commit that stuff to memory for my future reference, as well as document the trajectory of what i'm doing and learning.

in the spirit of that last entry, i'll start with a little bit of code i wrote earlier tonight. i work in a data center, and my duties are as varied as the calamities and successes that befall our customers. however, one of the fairly common tasks i have to perform is preliminary investigation of abuse complaints: figuring out which customer sent the complained-about spam (or whether it was one of our customers at all...), notifying the customer of the complaint, and escalating it if it's particularly messy. basically, this involves a lot of whois queries (or dig queries followed by whois queries, for those spam complaints that only provide domain names and not IP addresses).

it was a particularly long night of spam complaint lookups tonight, and i started to get very annoyed about having to type "whois" or "whodig" (a little one-liner i wrote a few months ago to automate the dig-then-whois process) before every single IP or domain i cut and pasted from the spam headers. i wished i could just paste the IP or domain at the command prompt, hit enter, and have the shell read my mind that i wanted a whois lookup.

so, as any self-respecting lazy IT geek would do, i wrote a script that does just that.

#!/bin/bash

# whoprompt.sh
#
# an interactive whois command line
#
# this will run whois if an IP is typed at the prompt
# and whodig (a dig-and-then-whois script) in response to a domain name
#
# nicolle neulist
# December 25, 2010
#
# * ----------------------------------------------------------------------------
# * "THE BEER-WARE LICENSE" (Revision 42):
# *  wrote this file. As long as you retain this
# * notice you can do whatever you want with this stuff. If we meet some day
# * and you think this stuff is worth it, you can buy me a beer in return.
# * ----------------------------------------------------------------------------

# define constants
SHELLPROMPT="whois> "

# define function to test for a valid IP address
# (four dotted-decimal octets, each no greater than 255)

function valid_ip()
{
	local ip=$1
	local stat=1

	if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
		# split the address on dots into an array, then restore IFS
		OIFS=$IFS
		IFS='.'
		ip=($ip)
		IFS=$OIFS
		[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
		stat=$?
	fi
	return $stat
}

# define function to run a dig query on a domain name and then a
# whois lookup on the corresponding IP

function whodig()
{
	whois $(dig "$1" | grep -A1 "ANSWER SECTION" | grep "IN" | awk '{print $5}')
}

# main loop
printf "type \"help\" for help.\n"
printf "type \"exit\" to exit.\n"
while true; do
	# stop cleanly on end-of-file (ctrl-d) instead of looping forever
	read -p "$SHELLPROMPT" -e address || break
	if [ -z "$address" ] ; then		# empty line: just prompt again
		continue
	elif [ "$address" == "help" ] ; then	# print help text
		printf "\ntype an IP address to run a whois lookup.\n"
		printf "for any other text, it will attempt to run a\n"
		printf "dig query, and then a whois lookup on that.\n\n"
		printf "it will return the same success or error text\n"
		printf "as a normal whois or dig lookup on linux.\n\n"
		printf "to end the program, type \"exit\".\n\n"
	elif [ "$address" == "exit" ] ; then	# "exit" quits the program.
		exit 0
	else					# whois/whodig routine
		if valid_ip "$address"; then	# test IP
			whois "$address"	# whois on valid IP
			printf "\n"
		else
			whodig "$address"	# assume domain if not IP
			printf "\n"
		fi
	fi
done

Hopefully you'll get some use out of this little bit of code, especially if you're also in a position that requires lots of abuse complaint investigation, or anything else that requires a lot of whois lookups.
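As an added example (not part of the original post or the whoprompt script), here is a stricter version of the dig-then-whois step. It goes a little beyond the post: the `whodig` above takes the fifth field of the first record after "ANSWER SECTION", which for a name that is a CNAME is another hostname rather than an address, and it only ever sees the first answer. This version uses `dig +short` (the tip from the comment below), keeps only lines that are well-formed IPv4 addresses, runs whois once per distinct address, and quotes every argument so a string pasted from a spam header with spaces or shell metacharacters in it stays a single argument. The function names `extract_ipv4` and `whodig_safe` are my own, it assumes `dig` and `whois` are on the PATH, and it is written to run under POSIX sh as well as bash. The `dig +short` output used to exercise `extract_ipv4` is constructed, not captured.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are my own choices.

# extract_ipv4: read "dig +short" output on stdin and print only the lines
# that are well-formed IPv4 addresses, one per line. A CNAME chain leaves
# hostnames in +short output, so anything that is not four dotted-decimal
# octets in the range 0-255 is dropped and never reaches whois.
extract_ipv4() {
	while IFS= read -r line; do
		# anything but digits and dots, or a leading, trailing or doubled dot,
		# cannot be an IPv4 address
		case $line in
			''|*[!0-9.]*|.*|*.|*..*) continue ;;
		esac
		# split on dots into the positional parameters; need exactly four
		set -- $(printf '%s' "$line" | tr '.' ' ')
		[ $# -eq 4 ] || continue
		ok=1
		for o in "$@"; do
			case $o in
				0) ;;                          # a lone zero is fine
				0*) ok=0 ;;                    # leading zero: ambiguous (octal?), reject
				*) [ "$o" -le 255 ] || ok=0 ;; # out-of-range octet
			esac
		done
		[ "$ok" -eq 1 ] && printf '%s\n' "$line"
	done
	return 0
}

# whodig_safe: resolve NAME with dig +short, keep only the IPv4 answers, and
# run whois once per distinct address. Every argument is quoted so a pasted
# string containing spaces or shell metacharacters stays a single argument.
whodig_safe() {
	name=$1
	ips=$(dig +short "$name" A | extract_ipv4 | sort -u)
	if [ -z "$ips" ]; then
		printf 'no IPv4 address found for %s\n' "$name" >&2
		return 1
	fi
	printf '%s\n' "$ips" | while IFS= read -r ip; do
		printf '=== %s -> %s ===\n' "$name" "$ip"
		whois "$ip"
		printf '\n'
	done
}

# usage: sh whodig_safe.sh example.com
# (a lookup only runs when a name is given on the command line)
if [ $# -gt 0 ]; then
	whodig_safe "$1"
fi
```

Dropping it into the whoprompt loop is a one-line change: call `whodig_safe "$address"` where the script calls `whodig`. The only behaviour you lose is whois on a CNAME target's hostname, which is not what an abuse lookup wants anyway.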

story tags 

code, bash

Comments

Submitted by anonymous on Sat, 12/25/2010 - 14:11

A quick tip for you :)

houdini@Cthulhu:~/ > dig rogueclown.net

; <<>> DiG 9.6.0-APPLE-P2 <<>> rogueclown.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;rogueclown.net. IN A

;; ANSWER SECTION:
rogueclown.net. 3345 IN A 207.58.178.12

;; Query time: 76 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Sat Dec 25 13:10:28 2010
;; MSG SIZE rcvd: 48
houdini@Cthulhu:~/ > dig +short rogueclown.net
207.58.178.12
