WHOIS

Default Port: 43

WHOIS is a query and response protocol that is widely used for querying databases to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system.

By using the WHOIS protocol, you can gather an extensive amount of information regarding a target:

  • Domain owner
  • Domain Registrar
  • Name Servers
  • Creation Date
  • Expiration Date
  • Last Updated
  • State and Country etc.

Enumeration

The whois command-line client returns the full WHOIS record for a domain:

whois hackviser.com

Python's python-whois library offers a simple way to communicate with the WHOIS protocol:

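import whois

# Query the WHOIS record for the domain and print every parsed field
w = whois.whois('hackviser.com')
print(w)

# Individual fields are available as attributes;
# fields the registry withholds may be empty or redacted
print(w.status)
print(w.name)
print(w.org)
print(w.address)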

Attack Vectors

Even though WHOIS itself doesn't have any direct vulnerabilities, it can inadvertently lead to a security breach by leaking sensitive information.

Information Leakage

Basic reconnaissance and data gathering might allow an attacker to obtain sensitive information such as contact details, addresses, registered domains, and more.

whois example.com

Domain Expiration

An attacker could deny the service by waiting for the domain to expire and then registering the domain for themselves.

whois example.com | grep "Expiry Date"
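
As an added example (not part of the original page), the following Python code audits the WHOIS record of a domain you own for both issues above: contact fields published without redaction and an expiry date that is close. The sample response is constructed, the field labels assume the common gTLD layout, and the names parse_fields and audit are this example's own.

```python
import re
from datetime import datetime, timezone

# Constructed sample WHOIS response (not real registry data).
SAMPLE = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2025-03-01T12:00:00Z
Registrant Name: Jane Admin
Registrant Organization: Example Corp
Registrant Email: REDACTED FOR PRIVACY
Registrant Phone: +1.5555550100
Name Server: NS1.EXAMPLE-CORP.TEST
"""

# Assumed labels: common gTLD wording; other registries use different ones.
EXPIRY_LABELS = {"Registry Expiry Date", "Registrar Registration Expiration Date"}
CONTACT_RE = re.compile(r"^(Registrant|Admin|Tech) (Name|Email|Phone|Street)$")
REDACTED_RE = re.compile(r"redacted|privacy|withheld|not disclosed", re.I)

def parse_fields(raw):
    """Return (label, value) pairs from 'Label: value' lines; labels may repeat."""
    pairs = []
    for line in raw.splitlines():
        label, sep, value = line.strip().partition(":")
        if sep and value.strip():
            pairs.append((label.strip(), value.strip()))
    return pairs

def audit(raw, now, warn_days=30):
    """Report days until expiry and contact fields published without redaction."""
    report = {"days_left": None, "expiry_warning": True, "exposed": []}
    for label, value in parse_fields(raw):
        if label in EXPIRY_LABELS and report["days_left"] is None:
            try:
                expiry = datetime.fromisoformat(value.replace("Z", "+00:00"))
            except ValueError:
                continue  # unknown date format: keep the warning raised
            if expiry.tzinfo is None:
                expiry = expiry.replace(tzinfo=timezone.utc)
            report["days_left"] = (expiry - now).days
            report["expiry_warning"] = report["days_left"] <= warn_days
        elif CONTACT_RE.match(label) and not REDACTED_RE.search(value):
            report["exposed"].append(label)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE, datetime.now(timezone.utc)))
```

The warning stays raised when no parsable expiry date is found, so a record in an unfamiliar format is reviewed by hand instead of passing silently.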