Synapse-Whoxy User Guide

Synapse-Whoxy adds new Storm commands to allow you to query the Whoxy API using your existing API key.

Getting Started

Check with your Global Admin to enable permissions and find out if you need a personal API key.

Examples

Setting your personal API key

To set up a personal-use API key:

> whoxy.setup.apikey --self myapikey
Setting Whoxy API key for the current user.

Ingest a live WHOIS record for an FQDN

> inet:fqdn=excite.com | whoxy.whois.lookup --yield | -+> inet:whois:contact
inet:whois:rec=('excite.com', '2016/06/11 19:19:24.000')
        .created = 2024/05/07 20:13:31.802
        :asof = 2016/06/11 19:19:24.000
        :created = 1995/09/19 00:00:00.000
        :expires = 2017/09/18 00:00:00.000
        :fqdn = excite.com
        :registrant = mindspark interactive network, inc.
        :registrar = markmonitor, inc.
        :updated = 2016/04/26 00:00:00.000
inet:whois:contact=(('excite.com', '2016/06/11 19:19:24.000'), 'registrant')
        .created = 2024/05/07 20:13:31.829
        .seen = ('2016/06/11 19:19:24.000', '2016/06/11 19:19:24.001')
        :address = 29 wells ave,
        :city = yonkers
        :country = us
        :email = [email protected]
        :fax = +1 (914) 206-4559
        :name = domain administrator
        :orgname = mindspark interactive network, inc.
        :phone = +1 (914) 591-2000
        :rec = ('excite.com', '2016/06/11 19:19:24.000')
        :rec:asof = 2016/06/11 19:19:24.000
        :rec:fqdn = excite.com
        :type = registrant
inet:whois:contact=(('excite.com', '2016/06/11 19:19:24.000'), 'registrar')
        .created = 2024/05/07 20:13:31.973
        .seen = ('2016/06/11 19:19:24.000', '2016/06/11 19:19:24.001')
        :email = [email protected]
        :id = 292
        :orgname = markmonitor, inc.
        :phone = +1 (208) 389-5740
        :rec = ('excite.com', '2016/06/11 19:19:24.000')
        :rec:asof = 2016/06/11 19:19:24.000
        :rec:fqdn = excite.com
        :type = registrar
        :url = http://www.markmonitor.com
        :whois:fqdn = whois.markmonitor.com
inet:whois:contact=(('excite.com', '2016/06/11 19:19:24.000'), 'technical')
        .created = 2024/05/07 20:13:31.921
        .seen = ('2016/06/11 19:19:24.000', '2016/06/11 19:19:24.001')
        :address = 29 wells ave,
        :city = yonkers
        :country = us
        :email = [email protected]
        :fax = +1 (914) 206-4559
        :name = domain administrator
        :orgname = mindspark interactive network, inc.
        :phone = +1 (914) 591-2000
        :rec = ('excite.com', '2016/06/11 19:19:24.000')
        :rec:asof = 2016/06/11 19:19:24.000
        :rec:fqdn = excite.com
        :type = technical
inet:whois:contact=(('excite.com', '2016/06/11 19:19:24.000'), 'administrative')
        .created = 2024/05/07 20:13:31.877
        .seen = ('2016/06/11 19:19:24.000', '2016/06/11 19:19:24.001')
        :address = 29 wells ave,
        :city = yonkers
        :country = us
        :email = [email protected]
        :fax = +1 (914) 206-4559
        :name = domain administrator
        :orgname = mindspark interactive network, inc.
        :phone = +1 (914) 591-2000
        :rec = ('excite.com', '2016/06/11 19:19:24.000')
        :rec:asof = 2016/06/11 19:19:24.000
        :rec:fqdn = excite.com
        :type = administrative

Ingest historical WHOIS records from the Whoxy database

> inet:fqdn=koyz.com | whoxy.whois.history --yield
inet:whois:rec=('koyz.com', '2014/09/23 13:45:05.000')
        .created = 2024/05/07 20:13:32.220
        :asof = 2014/09/23 13:45:05.000
        :created = 2006/03/31 00:00:00.000
        :expires = 2015/03/31 00:00:00.000
        :fqdn = koyz.com
        :registrant = this domain is for sale !!
        :registrar = godaddy.com, llc
        :updated = 2014/07/01 00:00:00.000
inet:whois:rec=('koyz.com', '2015/04/01 00:05:04.000')
        .created = 2024/05/07 20:13:32.480
        :asof = 2015/04/01 00:05:04.000
        :created = 2006/03/31 00:00:00.000
        :expires = 2015/03/31 00:00:00.000
        :fqdn = koyz.com
        :registrant = this domain is for sale !!
        :registrar = godaddy.com, llc
        :updated = 2015/01/14 00:00:00.000

Ingest WHOIS records from the Whoxy database using a search identifier

> ou:org#myorg :name -> ou:name | whoxy.whois.reverse --yield
inet:whois:rec=('acme.co.jp', '2015/06/26 12:37:30.000')
        .created = 2024/05/07 20:13:32.920
        :asof = 2015/06/26 12:37:30.000
        :fqdn = acme.co.jp
        :registrant = acme corporation
        :registrar = japan registry services co., ltd.
inet:whois:rec=('pgp.hiphop', '2014/12/08 08:00:00.000')
        .created = 2024/05/07 20:13:33.104
        :asof = 2014/12/08 08:00:00.000
        :created = 2014/12/07 00:00:00.000
        :expires = 2015/12/07 00:00:00.000
        :fqdn = pgp.hiphop
        :registrant = acme corporation
        :registrar = enom, inc.
        :updated = 2014/12/07 00:00:00.000