WhoisXML API
App Vendor: Whois
Connector Category: Data Enrichment and Threat Intelligence
App Version in Orchestrate: 2.3.0
API Version: V1 and V2
About App
The WhoisXML app integrates with the WhoisXML API to retrieve WHOIS records, and details about domain names, emails, and IP addresses. Security analysts can use the Whois XML API to access the domain details including the ownership, timeline, updates, status, and other essential registration details about every domain on the internet. A DNS server can be queried to determine the IP address of the primary domain (a record), mail servers (MX records), DNS servers (NS name servers), and other artifacts such as SPF records (TXT records).
The WhoisXML app is configured with the Orchestrate application to perform the following actions:
Action | Description |
|---|---|
Simple Reverse Whois Lookup | This action performs a simple reverse Whois lookup operation to list all the associated domains using the query string. |
Get All Website Categories | This action returns the website categories. |
Get Domain Details | This action returns the domain details. |
Get Subdomain Details | This action returns the subdomain details. |
Generic Action | This is a generic action to perform any additional use case on WHOIS XML. |
Reverse Name Server Lookup | This action performs a reverse name server lookup to list all the domains hosted in a server. |
Reverse MX Lookup | This action performs a reverse mail exchange (MX) lookup to identify domains that link back to a mail server to avoid hosts with a dubious reputation. |
Reverse IP DNS Lookup | This action performs a reverse IP DNS lookup based on the domain’s IP address to list all the associated domains. |
Fetch URL Screenshot | This action retrieves a screenshot of a URL as a JPG, PNG, or PDF file. |
Fetch IP Geo Location Details | This action retrieves the IP geo details such as location, coordinates, time zone, and other relevant details. |
Fetch IP Address Netblocks Details | This action retrieves details about the registered IP netblocks containing the WHOIS ownership and location details of each IP range. |
Fetch Email Details | This action retrieves details of an email. |
Fetch Domain Reputation | This action retrieves the reputation of a domain in terms of a reputation score to help identify malicious domains before getting involved with them. |
Fetch Domain Contact Information | This action retrieves the domain contact information such as company name and key contacts with contact numbers, email, or social media links. |
Fetch DNS Lookup Information | This action retrieves DNS lookup information about the given domain. |
Advanced Reverse Whois Lookup | This action performs an advanced reverse Whois lookup operation. |
Get Domain/IP Address Information | This action retrieves information about a domain or an IP address. |
Get Account Balance Info | This action returns the account balance information. |
Get Domain Count | This action returns the number of domains in your account. |
Configuration Parameters
The following configuration parameters are required for the Whois XML app to communicate with the Whois XML enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API Key | Enter the unique API token to authenticate. Example: XXXXX3q56ywymsvyJuugMVY04bvmjtHt | Text | Required | |
Verify | Choose to verify or skip SSL/TLS verification. Allowed values are true and false. By default, verification is enabled. | Boolean | Optional | |
Timeout | Enter the timeout value for the API request in seconds. | Integer | Optional | The allowed range is 15-120. The default value is 15. |
Action: Advanced Reverse Whois Lookup
This action performs an advanced reverse Whois lookup operation.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query String | Enter the query string. Example: google.com | Text | Required | |
Whois Field | Enter the Whois field to search in. Example:
| Text | Required | |
Search Mode | Enter the search mode. Example: purchase | Text | Optional | Allowed values:
Default value: purchase |
Example Request
[
{
"query_field": "RegistrantContact.Organization",
"query_string": "google.com"
}
]Action: Fetch DNS Lookup Information
This action retrieves the DNS lookup information about the given domain which has several records associated with it. A DNS server can be queried to determine the IP address of the primary domain (A record), mail servers (MX records), DNS servers (NS nameservers), and other items such as SPF records (TXT records).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain. Example: google.com | Text | Required | |
DNS Type | Enter the DNS type. Example: MX | Text | Optional | Allowed values: See DNS types for the supported DNS types. Default: All |
Example Request
[
{
"domain": "google.com",
"dns_type": "MX"
}
]Action: Fetch Domain Contact Information
This action retrieves the domain contact information such as company name and key contacts with contact numbers, email, or social media links.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain name to fetch the related contact information. Example: google.com | Text | Required |
Example Request
[
{
"domain": "google.com"
}
]Action: Fetch Domain Reputation
This action retrieves the reputation of a domain in terms of a reputation score to help identify malicious domains before getting involved with them.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain. Example: google.com | Text | Required |
Example Request
[
{
"domain": "google.com"
}
]Action: Fetch Email Details
This action retrieves all the associated details (MX records, audit records, and so on) using an email address.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Email ID | Enter the Email ID. Example: sampleuser@sampledomain.com | Text | Required |
Example Request
[
{
"email_id": "sampleuser123@gmail.com"
}
]Action: Fetch IP Address Netblocks Details
This action retrieves details about the registered IP netblocks containing the WHOIS ownership and location details of each IP range.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP address to retrieve details about the associated IP range. Example: 23.43.24.123 | Text | Required | |
ASN Code | Enter the ASN (Autonomous System Numbers) code. Example: 15169 | Text | Optional | |
Organization Name | Enter the organization name. Example: | Text | Optional | |
Network Mask | Enter the network mask. Example: 32 | Integer | Optional | Default value: 32 |
Limit | Enter the limit to display the results from 100-1000. Example: 100 | Integer | Optional | Default value: 100 |
Example Request
[
{
"ip_address": "23.43.24.123",
"asn_code": 15169,
"org_name": "Google",
"limit": 100,
"network_mask": 32
}
]Action: Fetch IP Geo Location Details
This action retrieves the IP geolocation details such as location, coordinates, time zone, and other geo details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP address to retrieve the geo details. Example: 23.43.24.123 | Text | Required | |
Domain | Enter the domain name to fetch the location details. Example: google.com | Text | Optional | |
Email ID | Enter the email ID . | Text | Optional |
Example Request
[
{
"domain": "google.com",
"ip_address": "23.43.24.123"
}
]Action: Fetch URL Screenshot
This action gets a screenshot of a URL.
Parameter | Description | Field Type | Required/Optional | Comments |
URL | Enter the input URL. | Text | Required |
Action: Get Account Balance Info
This action returns the account balance information.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Product ID | Enter the list of product IDs for which you want to get the account balance information. | List | Optional |
|
Output Format | Enter the output format in which you want to get the account balance information. | Text | Optional | Allowed values:
|
Action: Get All Website Categories
This action returns the website categories.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Order | Enter the order in which you want to get the website categories. | Text | Optional | Allowed Values:
|
Output Format | Enter the output format to get the account balance information. | Text | Optional | Default: JSON |
Action: Get Domain Count
This action returns the number of domains in your account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Include Search Term | Enter the list of search terms for which you want to get the number of domains. All of them should be present in the domain name. | List | Required | Allowed items: maximum 4 |
Since Date | Enter the date from which you want to get the number of domains. Example: 2019-01-01 | Text | Optional | Allowed dates are in the [Today minus 14 days — Today] interval. |
Mode | Enter the mode in which you want to get the number of domains. | Text | Optional | Allowed Values:
|
Exclude Search Terms | Enter the list of search terms for which you do not want to get the number of domains. | List | Optional | Allowed items: maximum 4 |
With Typos | Enter true if you want to enrich the search term with their possible typos. | Boolean | Optional | Default value: False |
Punycode | Enter true if you want to encode the domain names to Punycode. | Boolean | Optional | Default: True |
Output Format | Enter the output format in which you want to get the number of domains. | Text | Optional | Allowed values:
|
Action: Get Domain Details
This action returns the domain details.
Parameter | Description | Field Type | Required/Optional | Comments |
Domain Names | Enter the list of domain names to get the domain details. Example: bbc.com | List | Required | |
Since Date | Enter the date from which you want to get the domain details. Example: 2019-01-01 | Text | Optional | |
Output Format | Enter the output format in which you want to get the domain details. | Text | Optional | Default: JSON |
Action: Get Domain/IP Address Information
This action retrieves information about a domain or an IP address.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Name/IP Address | Enter the domain name or IP address. | Text | Required |
Example Request
[
{
"query": "google.com"
}
]Action: Get Subdomain Details
This action returns the subdomain details.
Parameter | Description | Field Type | Required/Optional | Comments |
Include Subdomains | Enter the list of subdomains to get the subdomain details. Example: bbc.com | List | Required | |
Exclude Subdomains | Enter the list of subdomains to exclude from the subdomain details. Example: bbc.com | List | Required | |
Since Date | Enter the date from which you want to get the subdomain details. Example: 2019-01-01 | Text | Optional | |
Output Format | Enter the output format in which you want to get the subdomain details. | Text | Optional | Allowed values:
Default: JSON |
Action: Reverse IP DNS Lookup
This action performs a reverse IP DNS lookup based on the domain’s IP address to list all the associated domains.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host | Enter the host IP to retrieve the corresponding domain details. Example: 23.54.241.54 | Text | Required | |
From Domain | Enter the from domain. | Text | Optional |
Example Request
[
{
"host": "23.54.241.54"
}
]Action: Reverse MX Lookup
This action performs a reverse Mail Exchange (MX) lookup to retrieve a list of all domains hosted on a mail server to help avoid hosts with a dubious reputation.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Mail Server | Enter the mail server. Example: mail.google.com | Text | Required | |
From Domain | Enter the from domain. | Text | Optional |
Example Request
[
{
"mail_server": "mail.google.com"
}
]Action: Reverse Name Server Lookup
This action performs a reverse name server lookup to list all the domains hosted in a server.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Name Server | Enter the name server to retrieve domain name lists sharing a nameserver specified as a search term. Example: google.com | Text | Required | |
From Domain | Enter the from domain. | Text | Optional |
Example Request
[
{
"name_server": "google.com"
}
]Action: Simple Reverse Whois Lookup
This action performs a simple reverse Whois lookup operation to list all the associated domains using the query string. Reverse WHOIS data helps to spot dangerous domain footprints linked to a cybercriminal or spammer.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query String | Enter the query string to retrieve the reverse Whois data. Example: google.com | Text | Required | |
Search Mode | Enter the search mode. Example: purchase | Text | Optional | Allowed values:
Default value: purchase |
Example Request
[
{
"query_string": "google.com",
"search_mode": "purchase"
}
]Action: Generic Action
This is a generic action to perform any additional use case you want on WHOIS XML.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. Example: GET, POST, PUT, PATCH, DELETE | Text | Required | |
Endpoint | Enter the endpoint to make the request. Example: /api/vulnerabilities/{cve_id}/affected-projects | Text | Required | |
Query Params | Enter the query parameters to pass to the API | Key Value | Optional | |
Payload | Enter the payload to pass to the API | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API | Key Value | Optional |