What is Who is Lookup? – Gathering network-related information such as “Whois” information about the target organization is important when planning a hack. in this section, we will discuss whois footprinting.
Whois foorprinting focuses on how to perform a Whois lookup, analyzing the Whois lookup results, and the tools used to gather Whois information.
What is Who is Lookup?
Whois is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonimous system. This protocol listens to requests on port 43 (TCP). Regional Internet Registries (RIRs) maintain Whois databases and it contains the personal information of domain owners. For each resource, Whois database provides text records with information about the resource itself, and relevant information of assignees, registrants, and administrative information (creation and expiration dates.)
Two types of data models exist to store and lookup Whois information:
- Thick Whois – Stores the complete Whois information from all the registrats for the particular set of data.
- Thin Whois – Stores the complete Whois server of the registrar of a domain, which in turn holds complete details on the data being looked up.
What is Who is Lookup?
Whois Query returns following information
- Domain name details
- Contact details of domain owner
- Domain name servers
- Expiry records
- Records last updated
- When a domain has been created
An attacker queries a Whois database server to obtain information about the target domain name, contact details of its owner, expiry date, creation date and so on. and the Whois server responds to the query with the requsted information.
Using this information an attacker can create a map of the organization’s network, mislead domain owners with social engineering, and then obtain internal details of the network.
What is Who is Lookup?
Regional Internet Registries (RIRs)
The RIRs include:
ARIN (American Registry for Internet Numbers)
ARIN provides services related to the technical coordination and management of Internet number resources. ARIN offers its service in form of three areas:
- Registration – pertains to the technical coordination and management of Internet number resources.
- Organization – petains to the interaction between ARIN members and stakeholders and ARIN.
- Policy Development – facilitates the development of policy for the technical coordination and management of Internet numbers resources in the ARIN region.
Arin also develops technical services to support the evolving needs of the Internet community.
AFRINIC (African Network Information Center)
Source : https://www.afrinic.net
The acronymn, AFRINIC, is the RIR for Africa, responsible for the distribution and management of Internet number resources such as IP addresses and ASN (Autonomous System Numbers) for the African region.
APNIC (Asia Pacific Network Information Center)
APNIC is one of five RIRs charged with ensuring the fair distribution and responsible management of IP addresses and related resources required for the stable and reliable operation of the global Internet.
RIPE (Reseaux IP Europeens Network Coordination Centre)
Source : https://www.ripe.net
RIPE NCC provides Internet Resource allocations, registration services, and coordination activities that support the operation of the Internet globally.
LACNIC (Latin American and Carribbean Network Information Center)
LACNIC is an international non-government organization’s responsible for assigning and administrating Internet Number resources (IPV4, IPV6) autonomous system numbers, reverse resolution, and other resources for the Latin America and Caribbean Region.
Whois Lookup Result Analysis
Whois services such as https://whois.domaintools.com or http://www.tamos.com can help to perform Whois lookups. The following figure shows a result analysis of a Whois lookup obtained with the two mentioned Whois services. The services perform whois lookup by entering the target’s domain or IP Address. The domaintools.com service provides Whois information such as registrant information, email, administrative contact information, created and expiry date, and a list of domain servers. The SmartWhois available at http://www.tamos.com gives information about an IP address, hostname, or domain, including country, state or province, city, phone number, fax number, name of the network provider, administrator, and technical support contact information. It also assists in finding the owner of the domain, the owner’s contact information, the owner of the IP address block, registered date of the domain and so on. It supports Internationalized Domain Names (IDNs), which means one can query domain names that user non-English characters. It also supports IPV6 addresses.
Whois Lookup Tools
Whois Lookup Tools extract information such as IP address, hostname or domain name, registrant information, DNS records including country, city, state, phone and fax numbers, network service providers, administrators and technical support information for any IP address or domain name.
There are numerous tools available to retrieve Whois information, including:
- Batch IP Converter – Click Here
- Whois Analyzer Pro – Click Here
- Active Whois – Click Here
- Whois This Domain – Click Here
- Whois –Click Here
- Whois Lookup Multiple Addresses Software – Click Here
- Whois Lookup – Click Here
- ICANN WHOIS – Click Here
- IANA WHOIS – Click Here
- WHOIS Lookup – Click Here
- HotWhois – Click Here
- Domain Dossier – Click Here
- BetterWhois (http://www.betterwhois.com)
- Whois Online (http://whois.online-domain-tools.com)
- Web Wiz (https://network-tools.webwiz.net/whois-lookup.htm)
- DNSstuff (https://www.dnsstuff.com)
Some of the Whois Lookup Tools for Cell Phones Include:
- DNS Tools
- UltraTools Mobile (https://www.ultratools.com)
- Whois (https://www.whois.com.au)
- Deep Whois (http://happymagenta.com/deepwhois)
- Whois lookup tool (https://www.znetlive.com)
- WHOIZ – Domain Name WHOIS Tool
- WHOIS Lookup (https://play.google.com)
If You Like This Blog For Improving Please Comment Down
For More Hacking Content Click Here