Whois: Difference between revisions
No edit summary |
No edit summary |
||
Line 7: | Line 7: | ||
{| class="wikitable" | {| class="wikitable" | ||
! Option !! Description | ! Option !! Description | ||
[[#ex-domain | |- | ||
- | | [[#ex-domain|<code>[DOMAIN]</code>]] || Lookup WHOIS data for a domain name (e.g. <code>example.com</code>) | ||
[[#ex-ip | |- | ||
- | | [[#ex-ip|<code>[IP]</code>]] || Retrieve WHOIS info for an IP address (e.g. <code>8.8.8.8</code>) | ||
[[#ex-asn | |- | ||
} | | [[#ex-asn|<code>[ASN]</code>]] || Query information for an Autonomous System Number (e.g. <code>AS13335</code>) | ||
|} | |||
=== Server & Control === | === Server & Control === | ||
{| class="wikitable" | {| class="wikitable" | ||
! Option !! Description | ! Option !! Description | ||
[[#ex-customserver | |- | ||
- | | [[#ex-customserver|<code>-h [HOST]</code>]] || Use a specific WHOIS server (e.g. <code>whois.arin.net</code>) | ||
<code>-p [PORT]</code> | |- | ||
- | | <code>-p [PORT]</code> || Connect to a custom port on the WHOIS server | ||
[[#ex-recursion | |- | ||
} | | [[#ex-recursion|<code>--no-recursion</code>]] || Disable following referral WHOIS servers | ||
|} | |||
=== Output Handling === | === Output Handling === | ||
{| class="wikitable" | {| class="wikitable" | ||
! Option !! Description | ! Option !! Description | ||
[[#ex-nowarnings | |- | ||
- | | [[#ex-nowarnings|<code>-B</code>]] || Suppress legal disclaimers (Debian variant) | ||
<code>--verbose</code> | |- | ||
- | | <code>--verbose</code> || Print verbose output (implementation‑dependent) | ||
<code>--raw</code> | |- | ||
} | | <code>--raw</code> || Output the unprocessed server response | ||
|} | |||
== Examples == | == Examples == | ||
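Review bot: in the Output Handling table, `-B` is tagged "(Debian variant)" and `--verbose` "(implementation‑dependent)", but `--raw`, `--no-recursion` and `-p [PORT]` carry no such note, so a reader cannot tell which whois client each row applies to. Name the client per row, or state once above the tables which implementation the options are taken from. While there, verify the `-B` row against the Debian man page, since it is the only row pinned to a specific client.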
Line 70: | Line 73: | ||
whois --no-recursion example.com | whois --no-recursion example.com | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<code># Prevents | <code># Prevents follow‑up lookups to second‑level registrars</code> | ||
== See Also == | == See Also == | ||
* [[dig]] | |||
* [[nslookup]] | |||
* [[theHarvester]] | |||
* [[recon-ng]] | |||
* [[Nmap]] | |||
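Review bot: the comment under `whois --no-recursion example.com` says the flag prevents lookups to "second‑level registrars", while the options table describes the same flag as disabling "referral WHOIS servers"; use one term for both, preferably the table's. The comment also sits in a separate `<code>` element after `</syntaxhighlight>` has closed, so it is detached from the command it annotates; moving it inside the highlighted block would keep the two together.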
Revision as of 18:09, 13 May 2025
Whois
Whois is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs. It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly. Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility.
Common Options
Query Types
Option | Description |
---|---|
[DOMAIN] | Lookup WHOIS data for a domain name (e.g. example.com) |
[IP] | Retrieve WHOIS info for an IP address (e.g. 8.8.8.8) |
[ASN] | Query information for an Autonomous System Number (e.g. AS13335) |
Server & Control
Option | Description |
---|---|
-h [HOST] | Use a specific WHOIS server (e.g. whois.arin.net) |
-p [PORT] | Connect to a custom port on the WHOIS server |
--no-recursion | Disable following referral WHOIS servers |
Output Handling
Option | Description |
---|---|
-B | Suppress legal disclaimers (Debian variant) |
--verbose | Print verbose output (implementation‑dependent) |
--raw | Output the unprocessed server response |
Examples
Basic Domain Lookup
whois example.com
# Shows registrar, contact info, creation/expiry dates, etc.
IP Address Lookup
whois 1.1.1.1
# Shows IP range owner (e.g. Cloudflare), ASN, and network details
Autonomous System Lookup
whois AS13335
# Displays info about the AS number, usually held by ISPs or CDNs
Query Specific WHOIS Server
whois -h whois.arin.net 8.8.8.8
# Directs the query to ARIN for North American IP info
Suppress Legal Info
whois -B example.com
# Suppresses legal disclaimers in output (Debian variant)
Disable Referral Recursion
whois --no-recursion example.com
# Prevents follow‑up lookups to second‑level registrars
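What the server, port and referral options above control at the protocol level, as an added Python sketch that is not part of the original page and not the whois client's own code: one RFC 3912 exchange against a chosen host and port, then a simplified referral-following loop that `recurse=False` switches off. The function names, the `.example` hostnames and the sample responses are constructed for illustration.

```python
import re
import socket

# Referral fields used by IANA ("refer:"), thin gTLD registries and ARIN.
REFERRAL = re.compile(
    r"^[ \t]*(?:refer|Registrar WHOIS Server|ReferralServer):[ \t]*(\S+)",
    re.IGNORECASE | re.MULTILINE)

def query(server, text, port=43, timeout=10):
    """One RFC 3912 exchange: send the query plus CRLF, read until close."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(text.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def next_server(response):
    """Host named by the first referral field, or None if there is none."""
    match = REFERRAL.search(response)
    host = re.sub(r"^whois://", "", match.group(1), flags=re.I) if match else ""
    if "://" in host:  # e.g. rwhois://, a different protocol and port
        return None
    return host.split("/")[0].split(":")[0].lower() or None

def lookup(text, server, port=43, recurse=True, max_hops=3, transport=query):
    """Return [(server, response), ...]; recurse=False stops after one hop."""
    hops = []
    while server and len(hops) < max_hops and server not in dict(hops):
        hops.append((server, transport(server, text, port)))
        if not recurse:
            break
        server, port = next_server(hops[-1][1]), 43
    return hops

# Constructed responses so the example runs offline; hosts are placeholders.
SAMPLE = {
    "whois.registry.example": "Domain Name: EXAMPLE.COM\n"
        "   Registrar WHOIS Server: whois.registrar.example\n",
    "whois.registrar.example": "Domain Name: example.com\n"
        "Registrant Organization: Example Org (constructed)\n",
}

def offline(server, text, port):
    return SAMPLE[server]

if __name__ == "__main__":
    for host, body in lookup("example.com", "whois.registry.example", transport=offline):
        print(f"--- {host} ---\n{body}")
```

Dropping the `transport=offline` argument sends the query over the network with `query`; the hop limit and the already-visited check keep a self-referencing or looping referral from being followed indefinitely.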