hinfo - display (spam) host information
hinfo [-bdenstuvw] [+bdenuvw] [-f config] [-p pager]
[-s nameserver] [-t timeout]
[IP | hostname | URL]...
(See the OPTIONS section for alternate option syntax with long option names.)
is a utility that will display information about a host. It is
primarily designed to find the owner of an IP block in order to direct spam
complaints to where they may do some good.
decrypts obfuscated IPs and URLs, and will find the host portion of
a URL or email address. You can feed it most forms of obfuscated addresses
that I've seen and have it extract the IP or hostname.
also does DNS lookups to check validity. It will alert if bogus or
forged rDNS records are present.
is given a hostname domain based blacklist checks are done if
the -d option is not specified. If the rDNS isn't forged, domain based lookups
are done on it as well.
The IP is then checked with a number of IP based blackhole lists if the -b
option is not specified. If the hostname has multiple IPs, all are checked.
Unless the -w option is specified, the whois database is then queried for the
owner of the IP block containing this address. Most irrelevant noise is not
displayed. Unfortunately, this output is non-uniformly formated and can be
difficult to read.
The output is sent through the users pager by default. (Pager can be selected
with the -p option, or eliminated with the -n option.) The -u option can be
used for HTML formatted output. (implies -n)
Duplicate IPs or hostnames will only be processed once. This is so the
high-overhead lookups are not repeated if multiple hostnames with the same IP
are on the same command line.
Some optional messages are printed at higher verbosity. -vvv will select all
such messages, and +vvv will turn off all such messages.
If it appears that multiple NIC handles have been returned, by default a whois
query is done on the first. Use the -e option to lookup all of them, or +e to
not look up any.
The -t option specified the time to wait for DNS and whois responses in seconds.
It's a compromise between how long running hinfo takes and how complete the
information it displays is. The current default is 25 seconds, values 15-60
are reasonable. If you frequently get timeout messages, you may want to
increase this or exclude the slow-responding DNSBL.
Most options can be given in either a long or short name form, and may preceded
by + rather than - for reverse meaning.
- -b or --no-blackhole
- Do not use blackhole lists
- +b or +-no-blackhole
- Use blackhole lists
- -d or --no-domain
- Do not use domain based queries
- +d or +-no-domain
- Use domain based queries
- -e or --expand-handles
- Expand all NIC handles
- +e or +-expand-handles
- Do not expand any NIC handles
- -f or --config-file config
- Read configuration options from config. If this is the first
option, this will be instead of .hinforc or /etc/hinfo.conf rather than in
- -h or --help
- Print the list of options and exit.
- -n or --no-pager
- Do not use pager on output
- -p or --pager pager
- Use pager rather than $PAGER
- -s or --nameserver
- Use DNS server nameserver
- -t or --timeout timeout
- Stop waiting for DNS and whois responses timeout seconds after the
- -u or --html
- Format output as html
- +u or +-html
- Do not format output as html
- -v or --verbose
- request more verbose output. May be specified multiple times for
- +v or +-verbose
- Request less verbose output. May be specified multiple times for reduced
- Display program and configuration versions and exit
- -w or --no-whois
- Do not do IP block lookups
- +w or +-no-whois
- Do IP block lookups
The blackhole lists to use, information on whois servers, and the default
settings of the options are configured in the file ~/.hinforc,
/etc/hinfo.conf, or /usr/local/etc/hinfo.conf. (Only the first found is
processed, so if you have a .hinforc, /etc/hinfo isn't read unless you have
"use '/etc/hinfo.conf';" in it.) It should be possible to figure it
out from the supplied example, but knowing perl would be helpful. If the -f
option is the first option, the file specified there is the only one
For information on the current version, see