PowerShell – Domain Name WhoIS

    #   Does a raw WHOIS query and returns the results
    #   whois poshcode.org
    #   The simplest whois search
    #   whois poshcode.com
    #   This example is one that forwards to a second whois server ...
    #   whois poshcode.com -NoForward
    #   Returns the partial results you get when you don't follow forwarding to a new whois server
    #   whois domain google.com
    #   Shows an example of sending a command as part of the search.
    #   This example does a search for an exact domain (the "domain" command works on crsnic.net for .com and .net domains)
    #   The google.com domain has a lot of look-alike domains, the least offensive ones are actually Google's domains (like "GOOGLE.COM.BR"), but in general, if you want to look up the actual "google.com" you need to search for the exact domain.
    #   whois n -server whois.arin.net
    #   Does an ip lookup at arin.net
    # Future development should look at http://cvs.savannah.gnu.org/viewvc/jwhois/jwhois/example/jwhois.conf?view=markup
    # v0.3 Added documentation, examples, error handling for ip lookups, etc.
    # v0.2 Now strips command prefixes off when forwarding queries (if you want to send the prefix to the forwarded server, specify that server with the original query).
    # v0.1 Now able to re-query the correct whois for .com and .org to get the full information!
 function Get-WhoIs {
        # The query to send to WHOIS servers
        [Parameter(Position=0, ValueFromRemainingArguments=$true)]

        # A specific whois server to search

        # Disable forwarding to new whois servers
    end {
        $TLDs = DATA {

        $EAP, $ErrorActionPreference = $ErrorActionPreference, "Stop"

        $query = $query.Trim()

        if($query -match "(?:\d{1,3}\.){3}\d{1,3}") {
            Write-Verbose "IP Lookup!"
            if($query -notmatch " ") {
                $query = "n $query"
            if(!$server) { $server = "whois.arin.net" }
        } elseif(!$server) {
            $server = $TLDs.GetEnumerator() |
                Where { $query -like  ("*"+$_.name) } |
                Select -Expand Value -First 1

        if(!$server) { $server = "whois.arin.net" }
        $maxRequery = 3 

        do {
            Write-Verbose "Connecting to $server"
            $client = New-Object System.Net.Sockets.TcpClient $server, 43

            try {
                $stream = $client.GetStream()

                Write-Verbose "Sending Query: $query"
                $data = [System.Text.Encoding]::Ascii.GetBytes( $query + "`r`n" )
                $stream.Write($data, 0, $data.Length)

                Write-Verbose "Reading Response:"
                $reader = New-Object System.IO.StreamReader $stream, [System.Text.Encoding]::ASCII

                $result = $reader.ReadToEnd()

                if($result -match "(?s)Whois Server:\s*(\S+)\s*") {
                    Write-Warning "Recommended WHOIS server: ${server}"
                    if(!$NoForward) {
                        Write-verbose "Non-Authoritative Results:`n${result}"
                        # cache, in case we can't get an answer at the forwarder
                        if(!$cachedResult) {
                            $cachedResult = $result
                            $cachedServer = $server
                        $server = $matches[1]
                        $query = ($query -split " ")[-1]
                    } else { $maxRequery = 0 }
                } else { $maxRequery = 0 }
            } finally {
                if($stream) {
        } while ($maxRequery -gt 0)


        if($cachedResult -and ($result -split "`n").count -lt 5) {
            Write-Warning "Original Result from ${cachedServer}:"

        $ErrorActionPreference = $EAP
# Set-Alias whois Get-WhoIs

Reference: http://poshcode.org/5557

All information on this site is shared with the intention to help. Before any source code or program is ran on a production (non-development) system it is suggested you test it and fully understand what it is doing not just what it appears it is doing. I accept no responsibility for any damage you may do with this code.