WHOIS is a request and response protocol that follows the RFC 3912 specification. A WHOIS server listens on TCP port 43 for incoming requests.
PORT STATE SERVICE 43/tcp open whois?
A domain registrar is responsible for maintaining the WHOIS records for the domain names it is leasing.
www.arin.net/whoisand search for
target namein the ARIN Whois/RDAP Search bar.
Find a handle which displays more information about this registration including the range of IP addresses.
Find an entry with a net range (public IPs).
Determine all the public IP blocks the target may have.
If you cannot find any results try some other Whois database search sites.
whois command helps in identifying the owner of a target, hosted company, and location of servers,
IP address, Server type, etc. Give it a target domain name and the WHOIS server provides saved records:
Registrar WHOIS server
Record creation date
Record update date
Registrant contact info and address (unless withheld for privacy)
Admin contact info and address (unless withheld for privacy)
Tech contact info and address (unless withheld for privacy)
On occasion the database being used also appears in the response
Domain Name: THMREDTEAM.COM Registry Domain ID: 2643258257_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-09-26T15:22:32Z Creation Date: 2021-09-24T14:04:16Z Registry Expiry Date: 2023-09-24T14:04:16Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: email@example.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: KIP.NS.CLOUDFLARE.COM Name Server: UMA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2022-10-06T09:13:18Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: [...] The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain name: thmredteam.com Registry Domain ID: 2643258257_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-09-26T15:22:32.57Z Creation Date: 2021-09-24T14:04:16.00Z Registrar Registration Expiration Date: 2023-09-24T14:04:16.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: firstname.lastname@example.org Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: email@example.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: firstname.lastname@example.org Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: email@example.com Name Server: kip.ns.cloudflare.com Name Server: uma.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2022-10-05T20:08:51.20Z <<< For more information on Whois status codes, please visit https://icann.org/epp
Hacking WHOIS for more info
The WHOIS service always needs to use a database to store and extract the information, and a possible SQLInjection could be present when querying the database from some information provided by the user. For example, it could be possible to extract all the information saved in the database with:
whois -h <IP address> -p 43 "a') or 1=1#"
WHOIS history provides a history of WHOIS data and can come in handy if the domain registrant did not use WHOIS privacy when they registered the domain. It takes years and huge databases to collect and maintain that data, so most sites offering this service charge a fee. Whoismind offers some history and is free, but not working atm.
ViewDNS.info offers Reverse IP Lookup. It is common to come across shared hosting servers. With shared hosting, one IP address is shared among different web servers with different domain names. With reverse IP lookup, starting from a domain name or an IP address, you can find the other domain names using a specific IP address(es). And maybe one of those sites is easy to compromise and gain access to the webserver as a whole.
amass intel -d <target.com> -whois