Whois – Server Reconnaissance

Overview

WHOIS (RFC 3912) protocol is a query and response protocol. The Whois tool is used to establish this protocol and intelligently choose the appropriate whois server and query its database. The information gathered from this database is information such as contact details for domains, IP Addresses and Admin assignments.

How to use Whois

The command format to use whois is

whois <Domain/URL>

This simple command gives a lot of information about the domain such as:

  • Creation Date
  • Updated Date
  • Registry
  • Registrant (details)
  • Name Server
  • DNSSEC
  • Admin (details)
  • etc

These are useful information that can help you get a better picture of your target.

We can also see that whois gathers this information instantly.

Conclusion

Whois is a very simple tool but it gathers a lot of information in a short amount of time. Thus, it is a tool you will want to add to your toolkit in for information gathering for your penetration test.

Whois Resources

Kali Linux page for Whois: https://www.kali.org/tools/whois/

Source Repository for Whois: https://github.com/rfc1036/whois

Related Articles

5 Popular Open Source Tools for Reconnaissance

Wappalyzer – Website Technology Identifier for Pentesting

DNSrecon – DNS reconnaissance for Penetration Testing 

Sublist3r – Subdomain Finder for Pentesting

How to use OWASP ZAP – Open Source Vulnerability Scanner

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us on Twitter
Follow Us on LinkedIn
Follow Us on YouTube
Follow Us on Facebook