Whois: Difference between revisions

From HackOps
Jump to navigation Jump to search
← Older edit
VisualWikitext
No edit summary
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Whois =
= Whois =
'''Whois''' is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs. It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly. Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility.
 
'''Whois''' is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs.
It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly.
 
Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility.


== <span id="options"></span>Common Options ==
== <span id="options"></span>Common Options ==
Line 7: Line 11:
{| class="wikitable"
{| class="wikitable"
! Option !! Description
! Option !! Description
[[#ex-domain
|-
-
| [[#ex-domain|<code>[DOMAIN]</code>]] || Lookup WHOIS data for a domain name
[[#ex-ip
|-
-
| [[#ex-ip|<code>[IP]</code>]] || Retrieve WHOIS information for an IPv4/IPv6 address
[[#ex-asn
|-
}
| [[#ex-asn|<code>[ASN]</code>]] || Query registration data for an Autonomous System Number
|}


=== Server & Control ===
=== Server & Control ===
{| class="wikitable"
{| class="wikitable"
! Option !! Description
! Option !! Description
[[#ex-customserver
|-
-
| [[#ex-customserver|<code>-h&nbsp;[HOST]</code>]] || Use a specific WHOIS server
<code>-p [PORT]</code>
|-
-
| <code>-p&nbsp;[PORT]</code> || Connect to a custom port on the WHOIS server
[[#ex-recursion
|-
}
| [[#ex-recursion|<code>--no-recursion</code>]] || Disable automatic follow‑up queries to referral servers
|}


=== Output Handling ===
=== Output Handling ===
{| class="wikitable"
{| class="wikitable"
! Option !! Description
! Option !! Description
[[#ex-nowarnings
|-
-
| [[#ex-nowarnings|<code>-B</code>]] || Suppress legal disclaimers
<code>--verbose</code>
|-
-
| <code>--verbose</code> || Print additional debugging and parsing information
<code>--raw</code>
|-
}
| <code>--raw</code> || Output the unprocessed server response
|}


== Examples ==
== Examples ==
Line 40: Line 47:
whois example.com
whois example.com
</syntaxhighlight>
</syntaxhighlight>
<code># Shows registrar, contact info, creation/expiry dates, etc.</code>


=== <span id="ex-ip"></span>IP Address Lookup ===
=== <span id="ex-ip"></span>IP Address Lookup ===
Line 46: Line 52:
whois 1.1.1.1
whois 1.1.1.1
</syntaxhighlight>
</syntaxhighlight>
<code># Shows IP range owner (e.g. Cloudflare), ASN, and network details</code>


=== <span id="ex-asn"></span>Autonomous System Lookup ===
=== <span id="ex-asn"></span>Autonomous System Lookup ===
Line 52: Line 57:
whois AS13335
whois AS13335
</syntaxhighlight>
</syntaxhighlight>
<code># Displays info about the AS number, usually held by ISPs or CDNs</code>


=== <span id="ex-customserver"></span>Query Specific WHOIS Server ===
=== <span id="ex-customserver"></span>Query Specific WHOIS Server ===
Line 58: Line 62:
whois -h whois.arin.net 8.8.8.8
whois -h whois.arin.net 8.8.8.8
</syntaxhighlight>
</syntaxhighlight>
<code># Directs the query to ARIN for North American IP info</code>


=== <span id="ex-nowarnings"></span>Suppress Legal Info ===
=== <span id="ex-nowarnings"></span>Suppress Legal Info ===
Line 64: Line 67:
whois -B example.com
whois -B example.com
</syntaxhighlight>
</syntaxhighlight>
<code># Suppresses legal disclaimers in output (Debian variant)</code>


=== <span id="ex-recursion"></span>Disable Referral Recursion ===
=== <span id="ex-recursion"></span>Disable Referral Recursion ===
Line 70: Line 72:
whois --no-recursion example.com
whois --no-recursion example.com
</syntaxhighlight>
</syntaxhighlight>
<code># Prevents follow-up lookups to second-level registrars</code>
== See Also ==
    [[dig]]
    [[nslookup]]
    [[theHarvester]]
    [[recon-ng]]


    [[Nmap]]
== See Also ==
* [[dig]]
* [[nslookup]]
* [[theHarvester]]
* [[recon-ng]]
* [[Nmap]]

Latest revision as of 18:13, 13 May 2025

Whois

Whois is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs. It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly.

Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility.

Common Options

Query Types

Option Description
[DOMAIN] Lookup WHOIS data for a domain name
[IP] Retrieve WHOIS information for an IPv4/IPv6 address
[ASN] Query registration data for an Autonomous System Number

Server & Control

Option Description
-h [HOST] Use a specific WHOIS server
-p [PORT] Connect to a custom port on the WHOIS server
--no-recursion Disable automatic follow‑up queries to referral servers

Output Handling

Option Description
-B Suppress legal disclaimers
--verbose Print additional debugging and parsing information
--raw Output the unprocessed server response

Examples

Basic Domain Lookup

whois example.com

IP Address Lookup

whois 1.1.1.1

Autonomous System Lookup

whois AS13335

Query Specific WHOIS Server

whois -h whois.arin.net 8.8.8.8

Suppress Legal Info

whois -B example.com

Disable Referral Recursion

whois --no-recursion example.com

See Also

Retrieved from "https://hackops.wiki/index.php?title=Whois&oldid=58"