Whois Tutorial

This tutorial teaches you how to use the whois tool to pull domain registration info.

By Fahad Usman

WHOIS (pronounced "who is") is used to query databases holding information about domains and their registrants (the users who registered the domain). The query returns data such as the domain's IP address, net blocks, name servers, mail servers, etc.

“Top level domains (TLD) may block WHOIS commands from the terminal. However, it’s worth checking it via command line first”

You can start using it from the Mac Terminal or Kali Linux:

# whois fahadusman.com
Domain Name: FAHADUSMAN.COM
Registry Domain ID: 1741153437_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2017-08-29T07:20:33Z
Creation Date: 2012-08-28T14:08:36Z
Registry Expiry Date: 2018-08-28T14:08:36Z
Registrar: Register.com, Inc.
Registrar IANA ID: 9
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

The results depend on a few things, e.g. whether the registrant opted for the privacy option. However, the key info will be:

  • Registrar: The company/organisation that registered the domain on behalf of the domain’s owner. It could be register.com in the UK, for example.
  • Name Servers: The servers that control the domain’s DNS.
  • Creation Date: The date the domain was originally registered.
  • Expiration Date: The date the domain will expire.
  • Contacts: Publicly accessible contact information, which registrars require.

World Whois databases include:

  • APNIC (Asia Pacific): APNIC Whois Database
  • AFRINIC (Africa): http://www.afrinic.net/cgi-bin/whois
  • RIPE NCC (Europe, Central Asia and the Middle East): http://www.ripe.net/perl/whois
  • ARIN (Northern America): http://whois.arin.net/ui
  • Lacnic (Latin America and the Caribbean): http://lacnic.net/cgi-bin/lacnic/whois?lg=EN

The simple process of DNS lookup:

Getting Netblocks:

 

You can find out netblocks with the following query (quoted so that the shell does not expand the *):
whois -h whois.arin.net "n microsoft*"

Once you have the netblock, do a whois lookup by IP, for example:
whois 74.113.219.63


# start
NetRange: 74.113.219.0 - 74.113.219.63
CIDR: 74.113.219.0/26
NetName: MICROSOFT
NetHandle: NET-74-113-219-0-1
Parent: TWRS (NET-74-113-216-0-1)
NetType: Reassigned
OriginAS: AS17368
Customer: Microsoft (C06749510)
RegDate: 2017-10-16
Updated: 2017-10-16
Ref: https://whois.arin.net/rest/net/NET-74-113-219-0-1

CustName: Microsoft
Address: 3799 S Las Vegas Blvd
City: Las Vegas
StateProv: NV
PostalCode: 89109
Country: US
RegDate: 2017-10-16
Updated: 2017-10-16
Ref: https://whois.arin.net/rest/customer/C06749510
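
For monitoring your own domains and address space, the two output formats shown above (the domain record and the ARIN network record) can be parsed and checked automatically. The following is an added example, not part of the original tutorial; the function names and the fixed "today" date are assumptions, and the sample text is trimmed from the outputs above.

```python
import ipaddress
from datetime import datetime, timezone

# Sample input: lines trimmed from the two outputs shown in this tutorial.
DOMAIN_SAMPLE = """Domain Name: FAHADUSMAN.COM
Registrar: Register.com, Inc.
Registry Expiry Date: 2018-08-28T14:08:36Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""
NET_SAMPLE = """# start
NetRange: 74.113.219.0 - 74.113.219.63
CIDR: 74.113.219.0/26

CustName: Microsoft
Country: US
"""

def parse_whois(text):
    """Split WHOIS output into blank-line-separated records of key -> [values]."""
    records, current = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last record
        line = line.strip()
        if not line:
            if current:
                records.append(current)
            current = {}
        elif line[0] not in "#%" and ":" in line:  # skip server comments and banners
            key, _, value = line.partition(":")    # first colon only: values hold URLs, times
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return records

def domain_report(record, now):
    """Days until registry expiry and whether the transfer lock is set."""
    expiry = datetime.strptime(record["registry expiry date"][0], "%Y-%m-%dT%H:%M:%SZ")
    statuses = [s.split()[0] for s in record.get("domain status", []) if s]
    return {"registrar": record["registrar"][0],
            "days_left": (expiry.replace(tzinfo=timezone.utc) - now).days,
            "transfer_locked": "clientTransferProhibited" in statuses}

def ip_in_netblock(record, ip):
    """True if ip lies inside a CIDR listed in an ARIN network record."""
    cidrs = [c.strip() for v in record.get("cidr", []) for c in v.split(",")]
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    now = datetime(2018, 8, 1, tzinfo=timezone.utc)   # fixed "today" so the result is repeatable
    print(domain_report(parse_whois(DOMAIN_SAMPLE)[0], now))
    print(ip_in_netblock(parse_whois(NET_SAMPLE)[0], "74.113.219.63"))
```

Keys are lower-cased and repeated keys (such as Domain Status, RegDate or Ref) are kept as lists, so a record with several status lines or several blank-line-separated sections parses without losing values.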

Search email addresses or organisation names:
Search email addresses: whois -h whois.arin.net @bt.com
Search organisation's name: whois -h whois.arin.net "o target*"

Web-based Whois Tools

These web sites allow you to run whois queries using only your web browser.

The Harvester

Or use the tool called theharvester, which searches Google, Bing and other sources to find email addresses and also finds sites hosted at the same IP address:
theharvester -d target.com -b all
