Whois
Whois is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs.
It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly.
Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility.
Common Options
Query Control
| Option |
Description
-h [HOST]
-
-p [PORT]
-
--verbose
}
Input Types
| Option |
Description
[DOMAIN]
-
[IP]
-
[ASN]
}
Output Control
| Option |
Description
-B
-
--raw
-
--no-recursion
}
Examples
Basic Domain Lookup
# Shows registrar, contact info, creation/expiry dates, etc.
IP Address Lookup
# Shows IP range owner (e.g. Cloudflare), ASN, and network details
Autonomous System Lookup
# Displays info about the AS number, usually held by ISPs or CDNs
Query Specific WHOIS Server
whois -h whois.arin.net 8.8.8.8 # Directs the query to ARIN for North American IP info
Suppress Legal Info
# Suppresses legal disclaimers in output (Debian variant)
Disable Referral Recursion
whois --no-recursion example.com # Prevents follow-up lookups to second-level registrars
See Also
dig
nslookup
theHarvester
recon-ng
Nmap
|
|
|