Whois: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
= Whois = | = Whois = | ||
'''Whois''' is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs. It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly. Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility. | |||
'''Whois''' is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs. | |||
It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly. | |||
Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility. | |||
== <span id="options"></span>Common Options == | == <span id="options"></span>Common Options == | ||
| Line 10: | Line 14: | ||
| [[#ex-domain|<code>[DOMAIN]</code>]] || Lookup WHOIS data for a domain name (e.g. <code>example.com</code>) | | [[#ex-domain|<code>[DOMAIN]</code>]] || Lookup WHOIS data for a domain name (e.g. <code>example.com</code>) | ||
|- | |- | ||
| [[#ex-ip|<code>[IP]</code>]] || Retrieve WHOIS info for an | | [[#ex-ip|<code>[IP]</code>]] || Retrieve WHOIS info for an IPv4/IPv6 address (e.g. <code>8.8.8.8</code>) | ||
|- | |- | ||
| [[#ex-asn|<code>[ASN]</code>]] || Query information for an Autonomous System Number (e.g. <code>AS13335</code>) | | [[#ex-asn|<code>[ASN]</code>]] || Query information for an Autonomous System Number (e.g. <code>AS13335</code>) | ||
|} | |} | ||
=== | === Server & Control === | ||
{| class="wikitable" | {| class="wikitable" | ||
! Option !! Description | ! Option !! Description | ||
|- | |- | ||
| [[#ex-customserver|<code>-h [HOST]</code>]] || Use a specific WHOIS server (e.g. <code>whois.arin.net</code>) | | [[#ex-customserver|<code>-h [HOST]</code>]] || Use a specific WHOIS server (e.g. <code>whois.arin.net</code>) | ||
|- | |- | ||
| <code>-p [PORT]</code> || Connect to a custom port on the WHOIS server | | <code>-p [PORT]</code> || Connect to a custom port on the WHOIS server | ||
|- | |- | ||
| [[#ex-recursion|<code>--no-recursion</code>]] || Disable | | [[#ex-recursion|<code>--no-recursion</code>]] || Disable automatic follow‑up queries to referral servers | ||
|} | |} | ||
| Line 30: | Line 34: | ||
! Option !! Description | ! Option !! Description | ||
|- | |- | ||
| [[#ex-nowarnings|<code>-B</code>]] || Suppress legal disclaimers (Debian variant) | | [[#ex-nowarnings|<code>-B</code>]] || Suppress legal disclaimers (Debian/Ubuntu variant) | ||
|- | |- | ||
| <code>--verbose</code> || Print | | <code>--verbose</code> || Print additional debugging and parsing information | ||
|- | |- | ||
| <code>--raw</code> || Output the unprocessed server response | | <code>--raw</code> || Output the unprocessed server response exactly as received | ||
|} | |} | ||
| Line 49: | Line 53: | ||
whois 1.1.1.1 | whois 1.1.1.1 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<code># | <code># Displays the allocation owner (e.g. Cloudflare), network range, and ASN</code> | ||
=== <span id="ex-asn"></span>Autonomous System Lookup === | === <span id="ex-asn"></span>Autonomous System Lookup === | ||
| Line 55: | Line 59: | ||
whois AS13335 | whois AS13335 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<code># | <code># Shows info about the AS number, typically held by an ISP or CDN</code> | ||
=== <span id="ex-customserver"></span>Query Specific WHOIS Server === | === <span id="ex-customserver"></span>Query Specific WHOIS Server === | ||
| Line 61: | Line 65: | ||
whois -h whois.arin.net 8.8.8.8 | whois -h whois.arin.net 8.8.8.8 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<code># | <code># Sends the query directly to ARIN for North American IP information</code> | ||
=== <span id="ex-nowarnings"></span>Suppress Legal Info === | === <span id="ex-nowarnings"></span>Suppress Legal Info === | ||
| Line 67: | Line 71: | ||
whois -B example.com | whois -B example.com | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<code># | <code># Removes long legal disclaimers from the output (where supported)</code> | ||
=== <span id="ex-recursion"></span>Disable Referral Recursion === | === <span id="ex-recursion"></span>Disable Referral Recursion === | ||
| Line 73: | Line 77: | ||
whois --no-recursion example.com | whois --no-recursion example.com | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<code># Prevents follow‑up lookups to | <code># Prevents follow‑up lookups to secondary registrar servers</code> | ||
== | == See Also == | ||
* [[dig]] | * [[dig]] | ||
* [[nslookup]] | * [[nslookup]] | ||
Revision as of 18:12, 13 May 2025
Whois
Whois is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs. It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly.
Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility.
Common Options
Query Types
| Option | Description |
|---|---|
[DOMAIN] |
Lookup WHOIS data for a domain name (e.g. example.com)
|
[IP] |
Retrieve WHOIS info for an IPv4/IPv6 address (e.g. 8.8.8.8)
|
[ASN] |
Query information for an Autonomous System Number (e.g. AS13335)
|
Server & Control
| Option | Description |
|---|---|
-h [HOST] |
Use a specific WHOIS server (e.g. whois.arin.net)
|
-p [PORT] |
Connect to a custom port on the WHOIS server |
--no-recursion |
Disable automatic follow‑up queries to referral servers |
Output Handling
| Option | Description |
|---|---|
-B |
Suppress legal disclaimers (Debian/Ubuntu variant) |
--verbose |
Print additional debugging and parsing information |
--raw |
Output the unprocessed server response exactly as received |
Examples
Basic Domain Lookup
whois example.com# Shows registrar, contact info, creation/expiry dates, etc.
IP Address Lookup
whois 1.1.1.1# Displays the allocation owner (e.g. Cloudflare), network range, and ASN
Autonomous System Lookup
whois AS13335# Shows info about the AS number, typically held by an ISP or CDN
Query Specific WHOIS Server
whois -h whois.arin.net 8.8.8.8# Sends the query directly to ARIN for North American IP information
Suppress Legal Info
whois -B example.com# Removes long legal disclaimers from the output (where supported)
Disable Referral Recursion
whois --no-recursion example.com# Prevents follow‑up lookups to secondary registrar servers