WHOIS is a tool (and protocol) used for querying registry databases to learn information about the registered users of an internet resource like a domain name. It’s been around since the 1980s and is managed by ICANN.
But enough with all the jargon… why do we care?
Whois is an easy way to get more information about a target for the purposes of pen testing. It can provide additional DNS information, as well as organizational information (address, phone number, etc.) about an organization.
How do I get WHOIS?
Chances are it’s already installed on your system (it’s built into Linux) but you can also use a web-based lookup tool like WHOis.net.
How do I use it?
Open up a terminal and type ‘whois’ followed by the domain name you’re trying to search.
The results are as follows:
    Domain Name: SYNGRESS.COM
    Registry Domain ID: 3918089_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.safenames.net
    Registrar URL: http://www.safenames.net
    Updated Date: 2017-10-01T02:55:46Z
    Creation Date: 1997-09-10T04:00:00Z
    Registry Expiry Date: 2019-09-09T04:00:00Z
    Registrar: SafeNames Ltd
    Registrar IANA ID: 447
    Registrar Abuse Contact Email: email@example.com
    Registrar Abuse Contact Phone: +44.1908200022
    Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
    Name Server: NS1.REEDELSEVIER.COM
    Name Server: NS2.REEDELSEVIER.COM
    Name Server: NS3.REEDELSEVIER.COM
    DNSSEC: unsigned
    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
A few things to notice here:
The Registrar URL (http://www.safenames.net) can provide us with more information about the target. The registrar itself might too, if it resides in another country, for example. The listed name servers, and creation/updated dates might be useful as well.
The last line talks about Whois inaccuracy, as ICANN doesn’t seem to be strictly enforcing the accuracy of these records. Additionally, a number of web hosts will offer “privacy protection” which means you can use their name and contact information for your Whois record, instead of your own.
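The same fields can be checked mechanically for a domain you are responsible for. The following is an added example, not part of the original post: it parses the record shown above and flags a missing registrar transfer lock, unsigned DNSSEC and an approaching expiry. The function names and the 60-day warning threshold are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Record text copied from the whois output shown above (trimmed to the fields used).
SAMPLE = """\
Domain Name: SYNGRESS.COM
Registrar WHOIS Server: whois.safenames.net
Updated Date: 2017-10-01T02:55:46Z
Creation Date: 1997-09-10T04:00:00Z
Registry Expiry Date: 2019-09-09T04:00:00Z
Registrar: SafeNames Ltd
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.REEDELSEVIER.COM
Name Server: NS2.REEDELSEVIER.COM
Name Server: NS3.REEDELSEVIER.COM
DNSSEC: unsigned
"""

def parse_whois(text):
    """Parse 'Key: value' lines into {key: [values]}; keys such as Name Server repeat."""
    record = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip() and value.strip():
            record[key.strip().lower()].append(value.strip())
    return dict(record)

def _when(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def review(record, today, warn_days=60):
    """Return registration hygiene findings (hypothetical helper, assumed threshold)."""
    findings = []
    # Status values look like "<code> <url>"; keep only the EPP status code.
    statuses = {s.split()[0] for s in record.get("domain status", [])}
    if "clientTransferProhibited" not in statuses:
        findings.append("no registrar transfer lock")
    if record.get("dnssec", ["unsigned"])[0].lower() == "unsigned":
        findings.append("DNSSEC unsigned")
    expiry = record.get("registry expiry date")
    if expiry:
        days_left = (_when(expiry[0]) - today).days
        if days_left < warn_days:
            findings.append(f"expires in {days_left} days")
    return findings
```

Passing `today` explicitly keeps the result reproducible; for a live check, feed the function the text returned by `whois` and the current UTC time.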
So, review the results and take them with a grain of salt. Of course, this might not matter anyway because…
GDPR Strikes Again
If you haven’t heard of the GDPR (as of late May 2018), I’m kind of jealous of your life. But in case you haven’t, GDPR is the General Data Protection Regulation, an EU law that dictates how companies can store and use your data. It went into effect on May 25, 2018. While this is limited to the EU, the web is (of course) a very connected place, causing some serious ripple effects outside of Europe, with some services changing their data handling across the board (just to be safe) and some taking the “easy” route and blocking IP addresses from EU countries. Yikes.
Whois might be a casualty of the GDPR, as it reveals a decent amount of private information about a company (and individuals). Even the examples provided in this article from Recorded Future seem to have more information (pre-GDPR) than they do now (post-GDPR). Another article from Forbes agrees that GDPR might mean the death of Whois.
The “might” confusion comes in because ICANN proposed a solution for getting services in line with GDPR regulations, but had their ideas rejected by the EU. Womp womp.
Netcraft is a separate tool but provides some whois-style information about sites.
Go to netcraft.com (check out that awesome logo!) and type in the name of a site in the “What’s that site running?” box on the right-hand side. A number of results will be returned:
You can then click on the little “site report” icons to reveal more information about a site. As you can see from the results here for booksite.syngress.com, Netcraft gives you information on the site’s background, network (whois-style info), hosting history, sender policy framework, DMARC, web trackers, and site technology.
TL;DR Whois can help get you more info on your target, but comes with even more grains of salt now that GDPR is the law of the land. Netcraft may also help you.