Automating RDAP Queries with Python, Go, and Bash

Automating RDAP queries is essential for security analysts, sysadmins, and developers who need to programmatically retrieve and analyze domain or IP registration data. With support for HTTP-based access and structured JSON responses, RDAP is well-suited for scripting and integration into monitoring or data enrichment pipelines. This article explores how to use Python, Go, and Bash to automate RDAP lookups, parse results, and extract key information such as email addresses and domain creation dates.

Python RDAP Query Script

Python offers flexible libraries for interacting with RDAP services. A simple and effective library is python-rdap, which wraps RDAP queries and outputs JSON data.

Installation:

pip install python-rdap

Example script:

import rdap
import json

client = rdap.RDAPClient()

domain = "example.com"
response = client.get_domain(domain)

print(json.dumps(response, indent=2))

The response is a nested JSON object. From this, you can extract emails and domain creation data as follows:

entities = response.get('entities', [])
emails = []

for entity in entities:
    vcard_array = entity.get('vcardArray', [])
    if vcard_array and isinstance(vcard_array, list):
        for v in vcard_array[1]:
            if v[0] == 'email':
                emails.append(v[3])

print("Emails:", emails)
print("Created:", response.get('events', [{}])[0].get('eventDate'))

Using go-rdap for RDAP Automation

The go-rdap library provides a client interface to make RDAP requests in Go. It supports both domain and IP lookups and returns structured objects ready for parsing.

Installation:

go get github.com/openrdap/rdap

Sample Go code:

package main

import (
  "fmt"
  "github.com/openrdap/rdap"
)

func main() {
  result, err := rdap.QueryDomain("example.com")
  if err != nil {
    panic(err)
  }

  fmt.Println("Domain:", result.LDHName)
  fmt.Println("Emails:")
  for _, e := range result.Entities {
    for _, v := range e.VCard {
      if v.Name == "email" {
        fmt.Println(" -", v.Value)
      }
    }
  }

  for _, evt := range result.Events {
    if evt.EventAction == "registration" {
      fmt.Println("Created:", evt.EventDate)
    }
  }
}

The Go approach is especially useful for building high-performance tools and services where RDAP lookups need to be integrated into real-time systems.

Quick RDAP Lookups in Bash

If you prefer command-line tools or scripting in Unix environments, Bash can also be used to automate RDAP queries using curl and jq.

Example command:

curl -s https://rdap.verisign.com/com/v1/domain/example.com | jq '.entities[].vcardArray[1][] | select(.[0]=="email") | .[3]'

This will extract email addresses from the RDAP response. To get the domain creation date:

curl -s https://rdap.verisign.com/com/v1/domain/example.com | jq '.events[] | select(.eventAction=="registration") | .eventDate'

These Bash one-liners are ideal for integrating into monitoring scripts, cron jobs, or threat intelligence pipelines.

Best Practices for RDAP Automation

• Always respect rate limits and Terms of Service for RDAP providers.
• Cache results when querying the same domain or IP multiple times.
• Normalize extracted fields to handle variations across registrars.
• Use error handling to catch invalid or incomplete responses.

Whether using Python, Go, or Bash, automating RDAP queries provides a powerful way to enrich data, monitor domain status, and conduct research. Choosing the right tool depends on your environment and performance needs, but each method provides full access to RDAP’s structured and secure data.