XL-Whois Documentation

First start

When you start XL-Whois for the first time, you are asked if you want to set default configuration. If you click Yes, you will be asked to select a directory where:

  1. An empty Logging Database will be created;
  2. An empty Whois Database will be created;
  3. A subdirectory named whois will be created and selected for XL-Whois reports.
  4. The TLD Database (effective_tld_names.dat) will be downloaded;
  5. The Whois Server Database (tld.json) will be downloaded;
  6. The IPv4 Database (ipv4-address-space.csv) will be downloaded;
  7. The IPv6 Database (ipv6-unicast-address-assignments.csv) will be downloaded;
  8. Following default options are selected:
    • Activate Logging;
    • Check Logging Database;
    • Store Network whois data;
    • Check Whois database to "If present, ask";
    • Auto viewing for reports with a maximum of 25;
    • Auto update for TLD, Whois Server, IPv4 and IPv6 databases;
    • All parser options are selected: IPv4, IPv6, Hostname and Domain Name;
    • NsLookup timeout is set to 10 seconds
    • Check for update of the tool at startup.

A XL-Whois.ini configuration file will also be created to keep your preferences in memory. You can also set elements above manually, in case you already have some of these databases.

At the end, you will be asked if you want to send a whois test.

Top of the page

Main Window and tray menu

Xl-Whois Main Window Xl-Whois Tray Menu Xl-Whois Tray Menu
Xl-Whois Tray Menu
Xl-Whois Tray Menu

You can set options in the main window or directly from the tray menu:

  • Options: XL-Whois supports three different types of request:
    • Domain whois for domain names registration details.
    • Network whois for IP addresses.
    • DNS Records which is about the Domain name.
    • To be able to send a Domain whois about an IP address or to be able to send a Network whois about a Domain name, XL-Whois use system nsLookup to resolve the requested item.
  • Registry: This option may be used if you want to force the network whois to be queried to the selected registry. The IPv4 Database (ipv4-address-space.csv) from IANA contains "errors" that affect whois tools. For example, 163/8 is supposed to be administered by APNIC, but 163.247/16 is administered by LACNIC. So, in this case, you will get a better answer if you force the registry to LACNIC.
  • Check db: There are two databases that can be used here:
    • Whois Database: Details about Network whois (see details in the Whois Database section). There are actually four options:
      • Don't check: XL-Whois will send he request without checking the database. If an entry already exists, it will be replaced.
      • If present, ask: XL-Whois will check the Whois Database before sending the request. If an ISP is already known for the requested IP address (or resolved for the requested host or domain name), XL-Whois will show you actual data and ask you if you want to send the request.
      • If present, ignore: XL-Whois will check the Whois Database before sending the request. If an ISP is already known for the requested IP address (or resolved for the requested host or domain name), XL-Whois will ignore the request. As the whois database is updated after each request, this option is particularly useful if you have a long list of IP addresses and a probability that many of them will be in the same range, like a login history.
      • Check after: XL-Whois will send the request and extract Network whois data from the answer. If an ISP is already known for this IP address, it will ask you if you want to update the database with the new data. This option is useful if you are used to modify ISP name in the database (ex.: you can add comment like "- Tor node"). Example:

        Xl-Whois Check Database - Check after
    • Logging Database: History of your precedent requests. This database contains the exact items you requested, the comment you add, etc. This database is your personal history. See Logging Database section for more details. When you select this option, the item will be searched in Details and Comment column of the database. If more than three entries are found, only the three most recent results will be shown.
    • If you selected both options (check whois and logging database), below is an exemple of what you will got if the requested item was found in both database:

      Xl-Whois Check Database
  • Add comment: This comment will be added to the XL-Whois Report and stored in the Logging Database. It can be anything like a file number, a project name, the reason you did the request, etc. The comment is optional. It can also be added using the Whois with comment from the tray menu. In this case, a popup will appear before sending the request:

    Xl-Whois - Add comment
  • Clipboard: The input data for whois requests is gathered from the clipboard content. Obviously, it must be in text format, but it doesn't have to be a clean enumeration. XL-Whois provides an integrated parser for IPv4, IPv6, Hostname and Domain name (can be selected or deselected in the Config Window). You can see the result by using the Parse button, but it's not necessary to do this before sending your request, as the parser is automatically used before each request. In the clipboard window, the Edit button saves data from the textfield to the clipboard, so if you want to type an IP address or a domain name, you can do it here. The parser will enumerate items that can be requested. Duplicates will be removed from the list. Example:
    Before parsing:

    Xl-Whois Clipboard Window - Before parsing
    After parsing:

    Xl-Whois Clipboard Window - After parsing
Top of the page

Send a whois request

When everything is set, all you have to do to send a whois request is select and copy text that contain whois elements (copy will send the data to clipboard), then click on whois button of the main window, or use the function from the tray menu. You can select and copy from anywhere (a text document, a spreadsheet, a web page, etc.). Example from a spreadsheet:

Xl-Whois - Select and copy Right-click on XL-Whois tray icon:

Xl-Whois - Whois from tray

In the tray Whois function, only the first item is displayed. If there are more than one item, a 3-dot (...) is added at the end as the example above.

When you send the request, XL-Whois will use nslookup (if necessary) to resolve the IP address or the hostname depending on the requested item (if it's an IP address or a domain name). Depending on the checked options, requests will be made as following:

  • For Domain whois, XL-Whois will check in the TLD Database to extract and valid the domain name (ex.: file.txt has a valid syntax but is not a valid domain name). After that, it will check in the Whois Server Database to identify the appropriate whois server for the query. If no whois server can't be found, a request is sent to Internic to identify the appropriate server. You must also be aware that, like many other whois tools, XL-Whois use the WHOIS protocol to send the request to an appropriate server listening on port 43. Some ccTLDs doesn't have this kind of server. In this case, you will have to check on the Website of these ccTLDs. For some of them, it's possible to send a http query. Examples of ccTLD that doesn't support whois request are .ar (Argentina), .pk (Pakistan) and .es (Spain).
  • For Network whois, XL-Whois will check in the IPv4 Database or the IPv6 Database to find the correct registry for the IP address. If no match is found, ARIN is used by default. The first request is sent to this registry. If the answer indicates another registry, a second request is sent to this registry. When XL-Whois gets the final response, it parses the response to extract information about the ISP.
  • For DNS Records, XL-Whois will query each NS server for A, AAAA, NS, MX, CNAME, TXT, SOA and PTR records.

Finally, XL-Whois will produce the report that will look like this (not a full sample below):

Xl-Whois Report

Top of the page

Config Window

Xl-Whois Config Window - General

General tab

In Tool section, we have the following functions:

  • Export Lang.ini: Use this function to translate XL-Whois GUI. See Translation for help about this functionality.
  • Open user dir: This is the directory where all user databases and settings are saved. Copy the content of this directory if you want to backup your settings.
  • Check Update: Check on le-tools.com if a tool update is available.
  • Check for update at startup: Check if an update is available everytime XL-Whois is started.

In General section, you can:

  • Choose to start XL-Whois in the taskbar (main window minimized).
  • Set the NsLookup timeout: When XL-Whois tries to resolve a hostname to an IP address or an IP address to a hostname, this is the time it will wait for the answer. Default is 10 seconds.
  • Customize the User-Agent of XL-Whois: The User-Agent is used to identify the tool when requesting databases from websites.

In Parser section, you can select or deselect objects to be extracted by XL-Whois. Objects are: IPv4, IPv6, Hostname and Domain name.

Storage tab

Xl-Whois Config Window - Storage

The following options have to be set in this tab:

  • Folder for reports: This is the folder where the whois reports will be saved.
    • Auto viewing: This option is used to open whois reports in browser (or the default program for .html file) as it go along. If number of reports is higher than the limit, reports will not be automatically open even if the option is selected.
    • If report exists, replace it: If selected, older report with the same name will be replaced. If unchecked, an incremental value will be added to the new report filename.
    • Open folder when finished: If selected, report folder will be opened in explorer at the end of the process.
  • Logging Database: This database is required only if you want to activate logging. See Logging Database section for more details.
  • Whois Database: The Whois Database is the main database where Network whois data will be saved. See Whois Database section for more details.
    • Store Network whois data: If this option is checked, XL-Whois will use a cache to store the whole Network whois response. The information will be available in the Whois Database window.

Databases tab

Xl-Whois Config Window - Databases

In this tab, you have to set the location of four databases:

Top of the page

Whois Database

Xl-Whois Whois Database

XL-Whois use SQlite for the Whois Database. Everytime you use XL-Whois and send a Network whois request, the answer is parsed and some details are stored in the database. This includes: IP address range, ISP, Country and Date of the request. Below are explanations about the functions in this Window:

  • Header functions (buttons on top of the window):

    • Export Database: Export the SQLite Database data to a text file. This file can be imported in another instance of XL-Whois.
    • Import to Database: The input file must have been created by the Export Database function. Unknown ISPs will be added and known ISPs will be modified if newer.
    • Extract whois info from a file: Network whois answer (raw format) is the same whatever the whois tool that has been used. This function uses the same parser as XL-Whois calls when it receives an answer from a whois request. Network whois data will be added to the Database if unknown, or modified if newer.
    • Analyse Database: Network whois from ARIN often contains more than one result: the specific range related to the IP address requested and one, or more, parent ranges. XL-Whois store all these IP address ranges in the database. This function helps you clean your database. You can keep more specific ranges or only keep the broader range for best performance. See window below:

    • Analyse Whois Database

    • Search: With this functionnality, you can search an IP address or a keyword. For IP address, it's based on IP range. For keyword, it looks at the ISP column.
    • Filter: To filter shown elements in the grid. Combination of multiple filters is supported. See window below:

    • Whois Database Filters

  • Grid functions:

    • Click: Clicking on header of each column is used to sort (ascending or descending) in alphanumeric order. Clicking on any other row will select the line. You can select multiple lines using SHIFT or CTRL like you do with other tools.
    • Double-click: If it's a green background line, it means that all Network whois data are stored in cache. Double-clicking this line will show this data in a popup window (see below).

    • Network Whois Data

    • Right click: Right click will show a popup menu:

      Whois database popup menu

      • Refresh selected ISP: This function will send a whois request for each selected range to update the ISP data.
      • Get all related ranges: The goal of this function is to get all IP ranges related to an ISP. Be aware that the related ranges are based on the ASN (originAS, aut-num, origin) or on an administrative id (orgRef, ownerid, admin-c). This function is still a work in progress... A popup like the one below will appear. You can select which range you want to add to your Whois Database.

      • Network Whois Data

      • Select All: Select all the line in the grid (CTRL+A can also be used).
      • Copy lines: Copy selected lines to clipboard. Header is always added to the selection. This allows you to easily copy your database in a spreadsheet or as text.
      • Add ISP: Add an entry manually.

      • Add/Edit an ISP

      • Edit ISP: Edit the selected ISP.
      • Delete lines: Delete selected lines.
Top of the page

Logging Database

Xl-Whois Logging Database

Logging Database can be opened in the Storage Tab of the Config Window or from the tray menu. Data from this database can also be imported or exported (right-click on any element in the grid). The Comment column is editable.

Top of the page

 

Credits to Free Website Templates for the template of this Website