Hello aspiring Ethical Hackers. In this blogpost you will learn about Whois Footprinting. In our previous blogpost, you were given an introduction to Footprinting and types of Footprinting. Whois Footprinting is one type of footprinting. In my opinion, Whois footprinting is the first method of footprinting that should be used while starting information gathering.
What is Whois?
Whois is actually a protocol running on port 43. When you or any organization register a domain (eg: hackercoolmagazine.com), a record is created. This record is known as Whois record and is created by an organization called Internet Corporation for Assigned Names and Numbers (ICANN) which regulates domain name registration and ownership. Whois records are maintained by Regional Internet Registries (RIR’s). At present, there are five RTR’s allocated to particular regions.
- American Registry for Internet Numbers (ARIN)
- African Network Information Center (AFRINIC)
- Asia Pacific Network Information Center (APNIC)
- Reseaux IP Europeens Network Coordination Centre (RIPE)
- Latin American and Caribbean Network Information Center (LACNIC)
What information does Whois reveal?
Whois Lookup reveals information like the owner of the domain, contact details of domain owners, IP address network range used by the organization, domain name server and when a domain has been created and the date of its expiry.
How does it help in Pentesting?
Any business or organization has a website nowadays for which they have to register a domain (person or entity who registers a domain is known as a registrant, while a company registering the domain is known as registrar). So performing Whois Lookup can give anyone information about the domain which can be further used in footprinting.
Types of Whois Lookup
There are two types of Whois Lookup: Thin Whois and Thick Whois.
- Thin Whois: Thin Whois Lookup gives only the name of the whois server of the registrar of the domain.
- Thick Whois: Thick Whois Lookup reveals complete information from all the registries for a particular domain.
Kali Linux has a default tool for whois lookup named “whois”. This is how to use it.
Given below are some other Whois Lookup tools.
- Whois Lookup (https://www.whois.com)
- ICANN Whois (https://whois.icann.org)
- MxToolBox (https://www.whois.com/whois/)
- Domain Tools (https://whois.domaintools.com)
- Who.is (https://who.is/)