Identifying Website Visitor IP Addresses Using PowerShell

Posted on June 9, 2015 by Jeff Hicks in PowerShell with 0 Comments

Today’s PowerShell Problem Solver focuses on a problem of my own. As you might imagine, running a blog is a time-consuming task, and I frequently run into performance or security problems that lead me to download raw log files. Although processing this data can be tedious, PowerShell can help. One task I wanted to perform was to identify who is behind a website visitor’s IP address, using the addresses I’ve obtained from my raw log files. This can easily be done with PowerShell by accessing WhoIs information, which I’ll show you how to do in this article.

Although there are several websites that provide IP address information, I wasn’t about to manually copy and paste hundreds of IP addresses to get the information I needed. After a little research, I found a freely available web service that returns WhoIs information. These types of web services are intended for other websites and applications to consume, but you can just as easily use them in PowerShell. The arin.net website offers a number of free services. You have to take the time to read how to use them and figure out how to translate what you read into a PowerShell command. There’s no magic conversion, but hopefully with experience and examples like what I have for you today, this will become easier.

The service is exposed as a REST API. If you can find a service that uses a REST API, then you can use the Invoke-RestMethod cmdlet. That’s what we’re going to do here. The cmdlet needs an address, which I’ll construct in PowerShell:

Ready for how easy this is?

Very often the results come back as an XML document.

Our results returned in an XML document. (Image Credit: Jeff Hicks)

This lets you walk through the document easily.

The name property looks like it will be useful, which we can grab like this:

We can also obtain multiple properties.

Obtaining multiple properties. (Image Credit: Jeff Hicks)

I can also keep drilling down. When I see a property whose value is the same as its name, there is probably another nested layer.

This name looks like it belongs to a corporation, which is useful. Look at the #text property. That is another URL and since it has ‘rest’ in the path, I bet it is another service I can query.

I already knew about this from reading the API documentation on the site, but even without that knowledge, it doesn’t cost me anything to try.

Because the XML node has a # in the name, I need to quote it. There were no errors, so what did I get?

Using Invoke-RestMethod in Windows PowerShell. (Image Credit: Jeff Hicks)

Here’s another XML document that I can navigate and get some useful information. Excellent. Now that I have some core commands that work, I can build a re-usable function.

The Get-MyWhoIs function takes an IPv4 address as a parameter. By default, it only returns the name.

The get-mywhois function in Windows PowerShell. (Image Credit: Jeff Hicks)

I also wrote the function so that I could pipe in an array of IP addresses.

Piping in an array of IP addresses in Windows PowerShell. (Image Credit: Jeff Hicks)

My function will also get detailed information and drill down to the second link.

In PowerShell, this is a seamless experience and not much different than getting a service or process.
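
The steps above, collected into one pipeline-aware function as an added example; this is not the author's Get-MyWhoIs, and the name Get-IPOwner is hypothetical. It assumes ARIN's Whois-RWS endpoint `https://whois.arin.net/rest/ip/<address>`, the XML element names `net`, `name`, `orgRef`, `startAddress`, `endAddress` and `org`, and network access to that service. Because log fields are untrusted, it validates each address and follows the second link only when it stays on the ARIN host.

```powershell
# Added example, not the author's Get-MyWhoIs. The endpoint and the element
# names (net, orgRef, org, iso3166-1) are assumptions based on ARIN's Whois-RWS.
function Get-IPOwner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, Position = 0, ValueFromPipeline)]
        [string]$IPAddress,
        [switch]$Detailed
    )
    begin {
        $base    = 'https://whois.arin.net/rest'
        $headers = @{ Accept = 'application/xml' }
        $seen    = @{}   # each distinct address is queried only once
    }
    process {
        $ip = $null
        # Accept only a literal dotted-quad IPv4 address ("8" would parse as 0.0.0.8).
        if (-not [ipaddress]::TryParse($IPAddress, [ref]$ip) -or
            $ip.AddressFamily -ne 'InterNetwork' -or
            $ip.ToString() -ne $IPAddress.Trim()) {
            Write-Warning "Skipping '$IPAddress': not an IPv4 address"
            return
        }
        if ($seen.ContainsKey("$ip")) { return }
        $seen["$ip"] = $true
        try {
            $net = (Invoke-RestMethod -Uri "$base/ip/$ip" -Headers $headers).net
            $result = [ordered]@{
                IP    = "$ip"
                Name  = $net.name
                Org   = $net.orgRef.name
                Range = '{0} - {1}' -f $net.startAddress, $net.endAddress
            }
            $orgUrl = $net.orgRef.'#text'   # quoted because of the # in the name
            # Follow the second link only if it stays on the ARIN REST service.
            if ($Detailed -and $orgUrl -and ([uri]$orgUrl).Host -eq 'whois.arin.net') {
                $org = (Invoke-RestMethod -Uri $orgUrl -Headers $headers).org
                $result.City    = $org.city
                $result.Country = $org.'iso3166-1'.code2
            }
            [pscustomobject]$result
        }
        catch { Write-Warning "Lookup failed for ${ip}: $($_.Exception.Message)" }
    }
}

# Constructed sample input: a documentation-range address, a repeat, and junk.
'192.0.2.10', '192.0.2.10', 'not-an-ip', '8' | Get-IPOwner -Detailed
```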

One last note on my function: I could have called it Get-WhoIs, but since “WhoIs” is practically an accepted standard term, I felt there might be a chance for a naming collision.

Instead, I simply added a My prefix to the noun. Some people and companies also use their initials. It doesn’t really matter. As long as some portion of the noun is predictable, your command should be discoverable. I always tell people that when developing a PowerShell tool, you have to think about who will use it and what expectations they will bring to the table.

If you would like to learn more about scripting and toolmaking, consider getting a copy of Learn PowerShell Toolmaking in a Month of Lunches, 2nd. Ed.
