Whois footprinting focuses on performing a whois lookup, analysing the Whois lookup results, and locating IP geolocation information. It helps in the gathering of domain information such as the organization's owner, registrar, registration data, name server, and contact information.
WHOIS LOOKUP
Whois is a query and response protocol that is used to search databases that
include the registered users or assignees of an Internet resource, such as a
domain name, an IP address block, or an independent system. This protocol
listens on port 43 for requests.
Regional Internet Registries (RIRs) maintain Whois databases, which contain
the personal information of domain owners. Whois query returns the following
information:
- Domain name details
- Contact details of the domain owner
- Domain Name Servers
- NetRange
- When a domain has been created
- Expiry Records
- Records last updated
An attacker requests a Whois database server to gather information that can
assist them in creating a map of the organization's network, deceiving
domain owners via social engineering, and finally obtaining internal network
details.
Services like
http://whois.domaintools.com, https://www.tamos.com, and tools like Batch IP Converter, WhoIs Analyzer Pro, and AtiveWhois
can help perform Whois lookups and extract information. In Kali, the
pre-installed tool
whois can be
used as well.
You might be interested in,
- Phases of Hacking
- Introduction to Footprinting - First Step to Hacking
- Information Obtained in Footprinting
- Objective and Threats of Footprinting
- Countermeasures of Footprinting
- Footprinting - First Step on Hacking (Summary) with Tools
We hope this helps. If you have any suggestions or doubts you can add a
comment and we will reply as soon as possible.
No comments:
Post a Comment