Whois
Whois
Whois is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs. It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly.
Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility.
Common Options
Query Types
| Option | Description |
|---|---|
[DOMAIN] |
Lookup WHOIS data for a domain name (e.g. example.com)
|
[IP] |
Retrieve WHOIS info for an IPv4/IPv6 address (e.g. 8.8.8.8)
|
[ASN] |
Query information for an Autonomous System Number (e.g. AS13335)
|
Server & Control
| Option | Description |
|---|---|
-h [HOST] |
Use a specific WHOIS server (e.g. whois.arin.net)
|
-p [PORT] |
Connect to a custom port on the WHOIS server |
--no-recursion |
Disable automatic follow‑up queries to referral servers |
Output Handling
| Option | Description |
|---|---|
-B |
Suppress legal disclaimers (Debian/Ubuntu variant) |
--verbose |
Print additional debugging and parsing information |
--raw |
Output the unprocessed server response exactly as received |
Examples
Basic Domain Lookup
whois example.com# Shows registrar, contact info, creation/expiry dates, etc.
IP Address Lookup
whois 1.1.1.1# Displays the allocation owner (e.g. Cloudflare), network range, and ASN
Autonomous System Lookup
whois AS13335# Shows info about the AS number, typically held by an ISP or CDN
Query Specific WHOIS Server
whois -h whois.arin.net 8.8.8.8# Sends the query directly to ARIN for North American IP information
Suppress Legal Info
whois -B example.com# Removes long legal disclaimers from the output (where supported)
Disable Referral Recursion
whois --no-recursion example.com# Prevents follow‑up lookups to secondary registrar servers