Whois Lookup and Footprinting

Whois footprinting consists of performing a Whois lookup, analysing the lookup results, and locating IP geolocation information. It helps gather domain information such as the organization's owner, registrar, registration data, name servers, and contact information.


Whois is a query and response protocol used to search databases that hold the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. Whois servers listen on port 43 for requests.

Regional Internet Registries (RIRs) maintain Whois databases, which contain the personal information of domain owners. A Whois query returns the following information:
  • Domain name details
  • Contact details of the domain owner
  • Domain Name Servers
  • NetRange
  • When a domain has been created
  • Expiry Records
  • Records last updated

An attacker queries a Whois database server to gather information that can help them map the organization's network, deceive domain owners through social engineering, and ultimately obtain internal network details.

Services like http://whois.domaintools.com and https://www.tamos.com, and tools like Batch IP Converter, WhoIs Analyzer Pro, and ActiveWhois, can help perform Whois lookups and extract information. In Kali, the pre-installed whois tool can be used as well.
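
Added example (not part of the original post): a Python sketch that parses a Whois reply into the fields listed above and reports what a domain owner's own record exposes, namely unredacted contact fields and a near-term expiry. The sample record, the domain example-corp.test, the field labels and all function names are constructed for illustration; real registries label fields differently, and whois_query only shows the port 43 exchange and is not called here.

```python
import re
import socket
from datetime import datetime

# Constructed sample reply (not real registry output); labels vary by registry.
SAMPLE = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:00:00Z
Updated Date: 2024-01-15T08:30:00Z
Registry Expiry Date: 2025-03-02T10:00:00Z
Registrant Name: Jane Admin
Registrant Email: jane.admin@example-corp.test
Admin Email: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
>>> Last update of whois database: 2024-06-01T00:00:00Z <<<
"""

def whois_query(name, server, timeout=10):
    """Send one query line to a Whois server on port 43; read until it closes."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists (keys such as Name Server repeat)."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /]+?):\s+(\S.*)$", line)
        if m:
            record.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return record

def exposure_report(record, today, warn_days=60):
    """Flag unredacted contact fields and an expiry closer than warn_days."""
    findings = []
    for key, values in record.items():
        if key.split()[0] in ("registrant", "admin", "tech"):
            findings += [f"exposed contact field: {key} = {v}" for v in values
                         if "redacted" not in v.lower()]
    for v in record.get("registry expiry date", []):  # assumed label, as in SAMPLE
        days = (datetime.fromisoformat(v.replace("Z", "+00:00")) - today).days
        if days < warn_days:
            findings.append(f"domain expires in {days} days")
    return findings
```

Pass exposure_report a timezone-aware datetime for today so it can be compared with the record's UTC timestamps.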
