HINFO   (1) manpage
Version 1.01: 10 Aug 2003
  • NAME
      hinfo - display (spam) host information
  • SYNOPSIS
      hinfo --help
      hinfo --version
      hinfo [-bdenstuvw] [+bdenuvw] [-f config] [-p pager]
      [-s nameserver] [-t timeout]
      [IP | hostname | URL]...
      (See the OPTIONS section for alternate option syntax with long option names.)
  • DESCRIPTION
      Hinfo is a utility that will display information about a host.  It is primarily designed to find the owner of an IP block in order to direct spam complaints to where they may do some good.
      Hinfo decodes obfuscated IPs and URLs, and will find the host portion of a URL or email address.  You can feed it most forms of obfuscated addresses that I've seen and have it extract the IP or hostname.
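      The kind of decoding described above, as an added Python example (not hinfo's own code): it pulls the host out of a URL or email address and converts decimal, hex, octal and short-form IPv4 notations to a dotted quad using the C inet_aton rules.  The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import re
from urllib.parse import urlsplit, unquote

_NUM = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def extract_host(text):
    """Return the host part of a URL, an email address or a bare host."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text            # make urlsplit treat it as a netloc
    # .hostname drops any "user@" prefix and ":port" suffix.
    return unquote(urlsplit(text).hostname or "")   # undo %xx in the host

def _parse_part(part):
    """One component, inet_aton style: 0x.. is hex, 0.. is octal, else decimal."""
    if not _NUM.fullmatch(part):
        raise ValueError(part)
    if part.lower().startswith("0x"):
        return int(part, 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)           # raises ValueError on digits 8 or 9
    return int(part, 10)

def decode_ipv4(host):
    """Canonical dotted quad for a numeric host, or None if it is a name."""
    parts = host.split(".")
    if len(parts) > 4:
        return None
    try:
        *head, last = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

def resolve(text):
    """Return (host as written, decoded IPv4 or None)."""
    host = extract_host(text)
    return host, decode_ipv4(host)

if __name__ == "__main__":
    # Constructed samples; 192.0.2.1 is a documentation address.
    for s in ("http://www.example.com@3221225985/login", "0300.0.02.01",
              "http://%31%39%32.0.2.1/", "abuse@mail.example.net"):
        print(s, "->", resolve(s))
```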
      Hinfo also does DNS lookups to check validity.  It will alert if bogus or forged rDNS records are present.
      If hinfo is given a hostname, domain-based blacklist checks are done unless the -d option is specified.  If the rDNS isn't forged, domain-based lookups are done on it as well.
      The IP is then checked with a number of IP based blackhole lists if the -b option is not specified.  If the hostname has multiple IPs, all are checked.
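      An added Python example of the two DNS checks described above (not hinfo's own code, and not necessarily its exact method): forward-confirming a PTR record to spot forged rDNS, and building the reversed-octet name that an IP-based blackhole list is queried with.  The zone dnsbl.example, the function names and all records are constructed; lookups are served from dictionaries so the example runs offline.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Name queried in an IPv4 DNSBL: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, lookup_a):
    """An answer inside 127.0.0.0/8 means the list has an entry for the IP."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = lookup_a(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def rdns_status(ip, lookup_ptr, lookup_a):
    """Forward-confirm rDNS: a PTR name counts only if it resolves back to ip."""
    names = lookup_ptr(ip)
    if not names:
        return "none", []
    confirmed = [n for n in names if ip in lookup_a(n)]
    return ("confirmed" if confirmed else "forged"), confirmed

# Constructed records standing in for real DNS answers (documentation ranges).
PTR = {
    "192.0.2.10": ["mail.example.net"],
    "192.0.2.66": ["smtp.bigbank.example"],
}
A = {
    "mail.example.net": ["192.0.2.10"],
    "smtp.bigbank.example": ["198.51.100.5"],   # does not point back: forged PTR
    "66.2.0.192.dnsbl.example": ["127.0.0.2"],  # entry in the hypothetical zone
}

def lookup_ptr(ip):
    return PTR.get(ip, [])

def lookup_a(name):
    return A.get(name, [])

def report(ip, zone="dnsbl.example"):
    """Summarise one IP; only confirmed names are safe to use for domain checks."""
    status, names = rdns_status(ip, lookup_ptr, lookup_a)
    return {"ip": ip, "rdns": status, "names": names,
            "listed": is_listed(ip, zone, lookup_a)}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "203.0.113.9"):
        print(report(ip))
```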
      The ASN and CIDR for it are displayed unless -r or --no-asn is specified.
      Unless the -w option is specified, the whois database is then queried for the owner of the IP block containing this address.  Most irrelevant noise is not displayed.  Unfortunately, this output is non-uniformly formatted and can be difficult to read.
      The output is sent through the user's pager by default.  (The pager can be selected with the -p option, or eliminated with the -n option.)  The -u option can be used for HTML-formatted output (implies -n).
      Duplicate IPs or hostnames will only be processed once.  This is so the high-overhead lookups are not repeated if multiple hostnames with the same IP are on the same command line.
      Some optional messages are printed at higher verbosity.  -vvv will select all such messages, and +vvv will turn off all such messages.
      If it appears that multiple NIC handles have been returned, by default a whois query is done on the first.  Use the -e option to look up all of them, or +e to not look up any.
      The -t option specifies the time, in seconds, to wait for DNS and whois responses.  It's a compromise between how long hinfo takes to run and how complete the information it displays is.  The current default is 25 seconds; values of 15-60 are reasonable.  If you frequently get timeout messages, you may want to increase this or exclude the slow-responding DNSBL.
      The -m option will produce output about the hosts pointed to by the named host's MX records in addition to the other output.

  • OPTIONS
      Most options can be given in either a long or short name form, and may be preceded by + rather than - for reverse meaning.
      -b
      Do not use blackhole lists
      +b
      Use blackhole lists
      -d
      Do not use domain based queries
      +d
      Use domain based queries
      -e
      Expand all NIC handles
      +e
      Do not expand any NIC handles
      -f config
      Read configuration options from config.  If this is the first option, config is read instead of .hinforc or /etc/hinfo.conf rather than in addition to them.
      -h
      Print the list of options and exit.
      -m
      Process the MX records
      -n
      Do not use pager on output
      -p pager
      Use pager rather than $PAGER
      -r or --no-asn
      Do not look up ASN information
      -s nameserver
      Use DNS server nameserver
      -t timeout
      Stop waiting for DNS and whois responses timeout seconds after the last response
      -u
      Format output as HTML
      +u
      Do not format output as HTML
      -v
      Request more verbose output.  May be specified multiple times for additional verbosity.
      +v
      Request less verbose output.  May be specified multiple times for reduced verbosity.
      --version
      Display program and configuration versions and exit
      -w
      Do not do IP block lookups
      +w
      Do IP block lookups
  • CONFIGURATION FILE
      The blackhole lists to use, information on whois servers, and the default settings of the options are configured in the file ~/.hinforc, /etc/hinfo.conf, or /usr/local/etc/hinfo.conf.  (Only the first one found is processed, so if you have a .hinforc, /etc/hinfo.conf isn't read unless you have "use '/etc/hinfo.conf';" in it.)  It should be possible to figure out the format from the supplied example, but knowing Perl would be helpful.  If the -f option is the first option, the file specified there is the only one processed.
  • AUTHOR
      Blars <blarson@blars.org>
  • FILES
      ~/.hinforc
      /etc/hinfo.conf
      /usr/local/etc/hinfo.conf
  • SEE ALSO
      hinfo.conf(5)
      For information on the current version, see http://www.blars.org/hinfo.html