Whois

Whois is a passive reconnaissance tool used to gather public registration data about domain names, IP addresses, and ASNs. It queries public WHOIS databases to retrieve ownership, administrative contacts, creation/expiry dates, and registrar details — all without touching the target server directly.

Whois is essential in early recon phases for identifying ownership chains, domain infrastructure, and legal responsibility.

Common Options

Query Types

Option

Description

[[#ex-domain - [[#ex-ip - [[#ex-asn }

Server & Control

Option

Description

[[#ex-customserver - -p [PORT] - [[#ex-recursion }

Output Handling

Option	Description [[#ex-nowarnings - `--verbose` - `--raw` } Examples Basic Domain Lookup whois example.com `# Shows registrar, contact info, creation/expiry dates, etc.` IP Address Lookup whois 1.1.1.1 `# Shows IP range owner (e.g. Cloudflare), ASN, and network details` Autonomous System Lookup whois AS13335 `# Displays info about the AS number, usually held by ISPs or CDNs` Query Specific WHOIS Server whois -h whois.arin.net 8.8.8.8 `# Directs the query to ARIN for North American IP info` Suppress Legal Info whois -B example.com `# Suppresses legal disclaimers in output (Debian variant)` Disable Referral Recursion whois --no-recursion example.com `# Prevents follow-up lookups to second-level registrars` See Also dig nslookup theHarvester recon-ng Nmap

Whois

Contents

Whois

Common Options

Query Types

Server & Control

Output Handling

Examples

Basic Domain Lookup

IP Address Lookup

Autonomous System Lookup

Query Specific WHOIS Server

Suppress Legal Info

Disable Referral Recursion

See Also

Navigation menu

Whois

Whois

Common Options

Query Types

Server & Control

Output Handling

Examples

Basic Domain Lookup

IP Address Lookup

Autonomous System Lookup

Query Specific WHOIS Server

Suppress Legal Info

Disable Referral Recursion

See Also

Navigation menu

Search