Querying the domain registration information

After you know the target domain name, the first thing you would want to do is query the Whois database about that domain to look for the domain registration information. The Whois database will provide information about the DNS server and the contact information of a domain.

Whois is a protocol for querying Internet registration databases for registered domain names, IP addresses, and autonomous systems. This protocol is specified in RFC 3912 (https://www.ietf.org/rfc/rfc3912.txt).

By default, Kali Linux already comes with a whois client. To find out the Whois information for a domain, just type the following command:

    # whois example.com
  

The following is the result of the Whois information:

       Domain Name: EXAMPLE.COM
       Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
       Sponsoring Registrar IANA ID: 376
       Whois Server: whois.iana.org
       Referral URL: http://res-dom.iana.org
       Name Server: A.IANA-SERVERS.NET
       Name Server: B.IANA-SERVERS.NET
       Updated Date: 14-aug-2015
       Creation Date: 14-aug-1995
       Expiration Date: 13-aug-2016
    >>> Last update of whois database: Wed, 03 Feb 2016 01:29:37 GMT <<<
  

From the preceding Whois result, we can get information about the DNS servers and the contact person of a domain. This information will be useful in the later stages of penetration testing.

Besides using the command-line Whois client, the Whois information can also be collected via the following websites, which provide the whois client:

You can also go to the top-level domain registrar for the corresponding domain:

Beware: to use the top-level domain registrar whois, the domain needs to be registered through their own system. For example, if you use ARIN WHOIS, it only searches in the ARIN WHOIS database and will not search in the RIPE and APNIC Whois databases.
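The lookup described in this section, as an added Python example that is not part of the original text: it speaks RFC 3912 directly, parses the result shown earlier (embedded here as a constructed sample), and follows the `Whois Server:` referral, because each Whois server answers only from its own database. The function names are illustrative, and the caller supplies the first server to query.

```python
import socket

# Constructed sample: the Whois result shown earlier in this section.
SAMPLE = """\
   Domain Name: EXAMPLE.COM
   Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
   Sponsoring Registrar IANA ID: 376
   Whois Server: whois.iana.org
   Referral URL: http://res-dom.iana.org
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   Updated Date: 14-aug-2015
   Creation Date: 14-aug-1995
   Expiration Date: 13-aug-2016
>>> Last update of whois database: Wed, 03 Feb 2016 01:29:37 GMT <<<
"""

def whois_query(server, query, timeout=10):
    # RFC 3912: connect to TCP/43, send the query plus CRLF, read until close.
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        with sock.makefile("rb") as reply:
            return reply.read().decode("utf-8", errors="replace")

def parse_whois(text):
    # Collect "Key: value" lines; repeated keys (Name Server) become lists.
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")) or ":" not in line:
            continue  # skip banners, comments and free-text notices
        key, _, value = line.partition(":")
        value = value.strip()
        if value:
            record.setdefault(key.strip().lower(), []).append(value)
    return record

def referral_server(record):
    # The Whois server the first response points to, if it names one.
    servers = record.get("whois server", [])
    return servers[0].lower() if servers else None

def lookup(domain, server, query=whois_query):
    # Ask the first server, then follow its single referral if it differs.
    first = query(server, domain)
    nxt = referral_server(parse_whois(first))
    return [first] if nxt in (None, server.lower()) else [first, query(nxt, domain)]
```

Calling `parse_whois(SAMPLE)` works offline; `lookup()` makes real connections on TCP port 43 unless a substitute `query` function is passed in.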

After getting information from the Whois database, next we want to gather information about the DNS entries of the target domain.