Skip to main content


Default Port: 43

WHOIS is a query and response protocol that is widely used for querying databases to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system.

By using the WHOIS protocol, you can gather an extensive amount of information regarding a target.

  • Domain owner
  • Domain Registrar
  • Name Servers
  • Creation Date
  • Expiration Date
  • Last Updated
  • State and Country etc.


You can gather a substantial amount of information using the WHOIS protocol.


Python's python-whois library offers a simple way to communicate with the WHOIS protocol:

import whois
w = whois.whois('')


Attack Vectors

Even though WHOIS itself doesn't have any direct vulnerabilities, It can inadvertently lead to security breach by leaking sensitive information.

Information Leakage

Basic reconnaissance and data gathering might allow an attacker to obtain sensitive information like contact information, addresses, registered domains, and many more.


Domain Expiration

An attacker could deny the service by waiting for the domain to expire and then registering the domain for themselves.

whois | grep "Expiry Date"