A Toolkit for Testing Domains and Their Webpages | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

×
Contact Us



WhoisXML API Blog

Read other articles Download PDF

A toolkit for testing domains and their webpages

A toolkit for testing domains and their webpages

In the present blog, we demonstrate how to perform a variety of technical and security tests against a domain by using WhoisXML API's Domain Reputation API. It is a RESTFul API that can be used in a broad range of popular programming environments, including e.g., BASH shell scripts, Windows PowerShell, Python, Java, C++, to name a few. It can be seen as a toolkit performing many tests ranging from DNS checks through revealing e-mail and web server configuration shortcomings to safe web browsing issues such as SSL problems or the presence of the domain in blacklists. The API has recently been updated to provide numeric codes for various tests and warnings; let us see what they can be good for.

The proper operating of Internet domains and web pages involves a number of aspects. The domain has to be duly configured in the Domain Name System (DNS), including its WHOIS information. The web server should also be properly configured, including its SSL settings. If the domain has an IP service, the mail servers have to be set up properly, and the respective DNS settings should be correct, etc. Looking at it from the reverse side, when visiting a web page there may be a number of indicators that suggest that there is a risk involved in the visit.

Checking all these aspects of a top-level domain, either to decide if your own domain is well-configured or to assess the risk of visiting a domain can require a lot of effort. WhoisXML API has an API and lookup service, the Domain Reputation API, which will do a number of tests at once.
A result for of a lookup, e.g., for whoisxmlapi.com would look like this:

{
 "mode": "fast",
 "reputationScore": 98.54,
 "testResults": [
	{
	  "test": "SSL vulnerabilities",
	  "testCode": 88,
	  "warnings": [
		"HTTP Strict Transport Security not set",
		"Heartbeat extension disabled",
		"TLSA record not configured or configured wrong",
		"OCSP stapling not configured"
	  ],
	  "warningCodes": [
		6015,
		6016,
		6019,
		6021
	  ]
	}
 ]
}

Apart from some minor warnings which are due to configuration settings made at will, this is a properly configured domain hosting a page that is safe to be visited. 

But what if you are interested in the verification of certain aspects only? Say, for instance, that you pick a subset of criteria that you want to check before visiting a page hosted on that domain? In our example, we go for the aspect of safe browsing and we want to check the following points:

  • We want to get warned if the domain is recently registered or its SSL certificate was obtained recently. 
  • We want to make sure that the page contains no links to executables (aka .exe or .apk files), has a valid certificate, and is not blacklisted. 

To implement a utility to help us with that, we opt for a BASH shell script as a tool for implementation for the sake of simplicity. (Even though it can also be done in Python, Java, etc.) 

The following little code will do the job:

#!/bin/bash
 
API_KEY="YOUR_API_KEY"
 
echo "-> Checking "$1
api_result=$(curl -s --get "https://domain-reputation.whoisxmlapi.com/api/v1?apiKey=$API_KEY&domainName=$1")
retval=0
for warning_code in $(echo $api_result| jq ".testResults[].warningCodes" | grep "[0-9]" | sed -e s/,//g | xargs);do
	case $warning_code in
		2001)
			echo -e "\033[33;1;1mRecently registered domain. \033[0m"
			retval=1
			;;
		6001)
			echo -e "\033[33;1;1mRecently obtained ssl certificate. \033[0m"
			retval=1
			;;
		3003|3004)
			echo -e "\033[31;1;1mLinks to executables found. \033[0m"
			retval=2
			;;
		6002|6004)
			echo -e "\033[31;1;1mSSL certificate invalid. \033[0m"
			retval=2
			;;
		4001|6022)
			echo -e "\033[31;1;1mBlacklisted domain. \033[0m"
			retval=2
			;;
 
		*)
	esac
done
 
echo "-> Conclusion:"
case $retval in
	0)
		echo -e "\033[32;1;1mNo issues. \033[0m"
		;;
	1)
		echo -e "\033[33;1;1mBe careful. \033[0m"
		;;
	2)
		echo -e "\033[31;1;1mNot recommended. \033[0m"
		;;
esac
 
exit $retval

To give it a try, first you need to get an API key (free subscription is also available). Replace "YOUR_API_KEY" with your actual API key at the beginning of the script to give it a try.

Let's see how it works. We use curl to get the API response as usual. The output is parsed by the jq utility which is a useful API parser, you can install it easily on most platforms (e.g. by doing "sudo apt install jq" on Debian-flavor systems). The loop will go through all the warning codes the API has returned.

Next, we go through all these codes, and give warning messages upon the codes we find as relevant. In particular, codes 2001 and 6001 will result in less severe warnings, whereas 3003, 3004, 6002, 6004, 4001, and 6002 will be considered a more serious problem. 

From the code it is clear what problems these codes reveal. A full list of warning codes is to be found in the description of the output format of the API. We echo a message if the relevant codes appear to describe the situation verbosely. (The control characters in the strings are there as we want to have a fancy color output; less severe issues will be reported in yellow, more severe ones in red.) 

Meanwhile, we set the value of the variable retval: it will be 0 if there were no problems, 1 if there are warnings but no severe problems, and 2 if there is at least one severe issue. Depending on the value of retval we draw a conclusion in the last conditional, and we use this value also as a return value of our script. Let's see it in action.

First let's confirm again that whoisxmlapi.com is safe to visit:

Safe to visit

If, however, the domain we check a domain which has been recently registered, we get:

Domain check

This one is actually a parked domain at the moment. Finally, let us check a domain which is on PhishTank's list at the time of writing of this blog:

PhishTank's list

Apart from being recently registered, it is also on a blacklist. Of course we can identify the actual blacklist from the details in the full API response (the API key is stored in the API_KEY environment variable):

API response

However, now we just wanted to have a quick check of a subset of tests rather than go into detail. 

Our little example can be useful as a utility for checking a domain before visiting a webpage hosted there. In addition, the idea can be adopted to cover many other applications for different professionals and organizations, including: 

  • Web server administrators can check the webpages they operate against relevant criteria such as SSL configuration issues, expiring certificates, etc.
  • Hosting providers can implement an automated alerting system to notify their clients about improper DNS settings of their domains, web server configuration issues, etc.
  • E-mail server operators can check domains against the validity of the e-mail service configuration in the DNS and the sanity of the actual web servers.
  • Security experts can filter domain lists to identify certain custom-defined attack vectors defined on the basis of the available tests.
  • Domainers can batch process domain name lists to evaluate customized criteria in support of domain appraisal, or just to identify domains that will soon expire.

This list of users could also be significantly extended, and so can be the complexity of the implementation. For instance, you may have observed that the API also provides a cumulative "reputationScore" to quantify the results in a single numeric parameter.

If these values do not meet your customized expectations, the test and warning codes make it really easy to implement your own cumulative quantitative measures. It is time now to go ahead, register your account, and implement your own approach.

Related posts
Read other articles Download PDF
Try our WhoisXML API for free
Get started