WHOIS (pronounced “who is”) is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
In the context of your cybersecurity studies and pentesting lab, it is a fundamental tool for Passive Reconnaissance.
What Information Does It Provide?
When you perform a WHOIS lookup on a domain (e.g., google.com), the database typically returns:
- Registrar Information: Who sold the domain (e.g., GoDaddy, Namecheap).
- Registration Dates: When the domain was created, last updated, and when it expires.
- Name Servers: The servers that direct traffic for the domain (often revealing if they use services like Cloudflare).
- Contact Information: Names, addresses, and emails of the registrant, administrative, and technical contacts (though this is often redacted for privacy).
- IP Blocks: For IP addresses, it shows which organization owns the range (e.g., Amazon, Department of Defense).
Why It’s Important for Pentesting
- Identifying Targets: It helps you find out who owns a specific IP address or domain to ensure you are within the “Scope of Work.”
- Social Engineering: Finding the names or email addresses of IT administrators can provide a starting point for phishing or pretexting.
- Infrastructure Mapping: Knowing the Name Servers or IP ranges can help you discover other domains or subdomains owned by the same organization.
Privacy and “WHOIS Privacy”
In recent years, due to regulations like GDPR, much of the personal information (names/phone numbers) is now hidden by “Redaction” or “WHOIS Privacy” services. However, the technical data (dates and name servers) usually remains public.
How to use it in your Linux Lab
Since you have your ASUS laptop running Linux, the whois tool is likely already installed or easy to add.
- To look up a domain: whois target-domain.com
- To look up an IP address: whois 8.8.8.8
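The whois command above hides what the protocol actually does: it opens a TCP connection to port 43, sends the object name followed by CRLF, and reads plain text until the server closes the connection (RFC 3912). The example below is added here and is not part of the original note or of any whois tool; it shows the raw query alongside a small parser that pulls out the fields listed earlier (registrar, dates, name servers, contacts) and separates contacts that are redacted by WHOIS privacy from those that are published. The reply it parses is a constructed sample, and the server name and domain in it are placeholders; the network function is included for completeness and is not exercised offline.

```python
import re
import socket
from typing import Dict, List, Optional

WHOIS_PORT = 43  # RFC 3912: WHOIS is a plain-text TCP protocol on port 43


def build_query(target: str) -> bytes:
    """Encode one WHOIS request: the object name followed by CRLF (RFC 3912)."""
    return (target.strip() + "\r\n").encode("ascii")


def whois_lookup(target: str, server: str, timeout: float = 10.0) -> str:
    """Send one raw query to a WHOIS server and return the full text reply.

    Live network call (e.g. server="whois.verisign-grs.com" for .com);
    the offline demo below does not use it.
    """
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(build_query(target))
        chunks: List[bytes] = []
        while True:  # the server signals end-of-reply by closing the socket
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


# Labels under which registries usually publish the fields the note lists.
FIELDS = {
    "registrar": ("Registrar",),
    "created": ("Creation Date", "Registered On"),
    "updated": ("Updated Date",),
    "expires": ("Registry Expiry Date", "Expiry Date", "Expiration Date"),
}
REDACTED = re.compile(r"REDACTED|Data Protected|Privacy", re.IGNORECASE)


def parse_whois(text: str) -> Dict[str, object]:
    """Extract registrar, dates, name servers and contacts from a WHOIS reply.

    Replies are 'Key: value' lines; 'Name Server' repeats; contact values are
    often replaced by a redaction notice, which is recorded separately.
    """
    result: Dict[str, object] = {
        "registrar": None, "created": None, "updated": None, "expires": None,
        "name_servers": [], "contacts": {}, "redacted_contacts": [],
    }
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, comments and the '>>> Last update ... <<<' trailer.
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        key, value = key.strip(), value.strip()
        if key.lower() == "name server":
            result["name_servers"].append(value.lower())
            continue
        for field, labels in FIELDS.items():
            if key in labels and result[field] is None:
                result[field] = value
        if key.startswith(("Registrant", "Admin", "Tech")):
            if REDACTED.search(value):
                result["redacted_contacts"].append(key)
            else:
                result["contacts"][key] = value
    return result


# Constructed sample reply for this example; not real registry data.
SAMPLE_REPLY = """\
% Constructed sample reply, not real registry data
   Domain Name: EXAMPLE-TARGET.COM
   Registry Domain ID: 0000000000_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.example-registrar.test
   Registrar: Example Registrar LLC
   Updated Date: 2024-03-01T10:15:00Z
   Creation Date: 2015-06-20T08:00:00Z
   Registry Expiry Date: 2026-06-20T08:00:00Z
   Registrant Organization: Example Target Ltd
   Registrant Email: REDACTED FOR PRIVACY
   Admin Email: REDACTED FOR PRIVACY
   Tech Email: REDACTED FOR PRIVACY
   Name Server: NS1.EXAMPLE-DNS.TEST
   Name Server: NS2.EXAMPLE-DNS.TEST
>>> Last update of WHOIS database: 2024-05-01T00:00:00Z <<<
"""

if __name__ == "__main__":
    for field, value in parse_whois(SAMPLE_REPLY).items():
        print(f"{field:>18}: {value}")
```

On the sample the organization name is kept as a published contact while the three email fields land in redacted_contacts, which is exactly the GDPR-era picture described in the privacy section: technical data (dates, name servers) stays public, personal data does not. Real replies vary by registry, and IP-address lookups go to the regional registries (e.g. whois.arin.net) with a different layout, so the label table is the part you would extend.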
Comparison with Other Tools
While WHOIS tells you who owns the domain and where it is registered, tools like nslookup or dig tell you how that domain is configured in the DNS system.
#reconnaissance #networkreconnaissance #CLItool