osint-mcp-server

whois_ip

Retrieve network registration data for an IP address, including network name, CIDR range, country, and responsible entities.

Instructions

RDAP/WHOIS lookup for an IP address. Returns network name, CIDR range, country, and responsible entities.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`ip`	Yes	IP address to look up

Implementation Reference

src/whois/index.ts:105-145 (handler)

The `whoisIp` function performs RDAP/WHOIS lookup for an IP address by calling https://rdap.org/ip/{ip}, parsing the response into network info (name, CIDR, country, start/end addresses) and associated entities.

export async function whoisIp(ip: string): Promise<RdapIpResult> {
  await limiter.acquire();
  const res = await fetch(`https://rdap.org/ip/${ip}`);
  if (!res.ok) throw new Error(`RDAP IP lookup failed: ${res.status} ${res.statusText}`);
  const data = await res.json();

  const entities: RdapIpResult["entities"] = [];
  if (data.entities) {
    for (const ent of data.entities) {
      const roles = ent.roles ?? [];
      const vcard = ent.vcardArray?.[1];
      let name: string | undefined;
      if (vcard) {
        const fn = vcard.find((f: any) => f[0] === "fn");
        if (fn) name = fn[3];
      }
      for (const role of roles) {
        entities.push({ role, name });
      }
    }
  }

  // Build CIDR from cidr0_cidrs
  let cidr: string | undefined;
  if (data.cidr0_cidrs?.[0]) {
    const c = data.cidr0_cidrs[0];
    cidr = `${c.v4prefix ?? c.v6prefix}/${c.length}`;
  }

  return {
    ip,
    name: data.name,
    type: data.type,
    startAddress: data.startAddress,
    endAddress: data.endAddress,
    cidr,
    country: data.country,
    entities,
    port43: data.port43,
  };
}

src/whois/index.ts:19-29 (schema)

The `RdapIpResult` interface defines the return type for IP WHOIS lookups, including ip, name, type, startAddress, endAddress, cidr, country, entities, and port43.

interface RdapIpResult {
  ip: string;
  name?: string;
  type?: string;
  startAddress?: string;
  endAddress?: string;
  cidr?: string;
  country?: string;
  entities: { role: string; name?: string }[];
  port43?: string;
}

src/protocol/tools.ts:99-106 (registration)

The `whoisIpTool` definition registers the tool with name 'whois_ip', description, Zod schema requiring 'ip' as a string, and an execute function that calls `whoisIp(args.ip)`.

const whoisIpTool: ToolDef = {
  name: "whois_ip",
  description: "RDAP/WHOIS lookup for an IP address. Returns network name, CIDR range, country, and responsible entities.",
  schema: {
    ip: z.string().describe("IP address to look up"),
  },
  execute: async (args) => json(await whoisIp(args.ip as string)),
};

src/protocol/tools.ts:491-491 (registration)
The `whoisIpTool` is included in the `allTools` array export, making it available to the MCP server.
```
whoisIpTool,
```
src/index.ts:28-28 (registration)
The tool is listed under the 'WHOIS / RDAP' category in the TOOL_CATEGORIES array for display purposes.
```
{ label: "WHOIS / RDAP", env: null, tools: ["whois_domain", "whois_ip"] },
```

Tool Definition Quality

A3.7/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It indicates a read-only lookup operation and specifies return fields, but lacks details on rate limits, authorization requirements, or error handling.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Description is concise with one sentence conveying the core purpose and return values. Could be slightly more structured but is not verbose.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool is a simple lookup with no output schema, the description adequately covers the key return fields. Missing details on response format or error cases, but overall sufficient for its complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The single parameter 'ip' is described in the schema as 'IP address to look up', which is already clear. The description adds no additional meaning beyond the schema, and schema coverage is 100%, so baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states it performs RDAP/WHOIS lookup for an IP address and lists the specific return fields (network name, CIDR range, country, responsible entities). This distinguishes it from sibling tools like whois_domain or bgp_ip.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No explicit guidance on when to use this tool versus alternatives such as shodan_host or vt_ip. Usage context is implied by the tool name and description but not directly addressed.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/osint-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server