whois
1. Definition
An application-layer protocol of the TCP/IP model (and the command-line client of the same name) used to look up registration and contact information about Internet resources such as domain names, IP address blocks and ASNs (Autonomous System Numbers).
In other words, it obtains registration details: it helps identify the domain owner, the registrar and the technical contacts.
According to the official documentation (the whois(1) man page), whois searches for an object in an RFC 3912 database.
With this service it is possible to obtain:
- Who registered the domain;
- The registration date of the domain (Registered On/Creation Date);
- The expiration date of the domain (Expires On/Registry Expiry Date);
- The date the record was last updated (Updated On/Update Date);
- The DNS servers (name servers) the domain is delegated to.
The amount of data available depends on where the domain was registered: each registry and registrar decides what it publishes, and since the ICANN Temporary Specification adopted for the GDPR in 2018 most of them redact the registrant's name, address, phone and email from public records, so those contact fields often contain a placeholder rather than real data.
2. Usage
Ethical hackers use whois for reconnaissance during penetration testing.
```text
Usage: whois [OPTION]... OBJECT...

-h HOST, --host HOST   connect to server HOST
-p PORT, --port PORT   connect to PORT
-I                     query whois.iana.org and follow its referral
-H                     hide legal disclaimers
    --verbose          explain what is being done
    --no-recursion     disable recursion from registry to registrar servers
    --help             display this help and exit
    --version          output version information and exit

These flags are supported by whois.ripe.net and some RIPE-like servers:
-l                     find the one level less specific match
-L                     find all levels less specific matches
-m                     find all one level more specific matches
-M                     find all levels of more specific matches
-c                     find the smallest match containing a mnt-irt attribute
-x                     exact match
-b                     return brief IP address ranges with abuse contact
-B                     turn off object filtering (show email addresses)
-G                     turn off grouping of associated objects
-d                     return DNS reverse delegation objects too
-i ATTR[,ATTR]...      do an inverse look-up for specified ATTRibutes
-T TYPE[,TYPE]...      only look for objects of TYPE
-K                     only primary keys are returned
-r                     turn off recursive look-ups for contact information
-R                     force to show local copy of the domain object even if it contains referral
-a                     also search all the mirrored databases
-s SOURCE[,SOURCE]...  search the database mirrored from SOURCE
-g SOURCE:FIRST-LAST   find updates from SOURCE from serial FIRST to LAST
-t TYPE                request template for object of TYPE
-v TYPE                request verbose template for object of TYPE
-q [version|sources|types]  query specified server info
```
For this example, the following command is used (--verbose prints which server answered, which is useful when a query is referred from the registry to the registrar):
```sh
whois --verbose wikipedia.org
```
Result:
```text
Using server whois.pir.org.
Query string: "wikipedia.org"

Domain Name: wikipedia.org
Registry Domain ID: REDACTED
Registrar WHOIS Server: http://whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2025-12-17T09:26:13Z
Creation Date: 2001-01-13T00:12:14Z
Registry Expiry Date: 2027-01-13T00:12:14Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: ns0.wikimedia.org
Name Server: ns1.wikimedia.org
Name Server: ns2.wikimedia.org
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://icann.org/wicf/
>>> Last update of WHOIS database: 2026-02-15T05:26:31Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Terms of Use: Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
```

3. Name Servers
Example of the name-server lines in a whois record; they tell you who operates the authoritative DNS for the domain (here the cloudns.net servers), not which records those servers serve:
```text
Name Server: NS1.CLOUDNS.NET
Name Server: NS2.CLOUDNS.NET
Name Server: NS3.CLOUDNS.NET
Name Server: NS4.CLOUDNS.NET
```

4. Disclaimer
Beyond the Linux client, the following web application can be used for the same purpose:
- Nic.br: for Brazilian (.br) domains only
5. DNS Records
In Linux, the whois command is a vital part of domain management and security, but the dig, host and nslookup commands are the primary utilities for querying the DNS records themselves (A, MX, NS, TXT and so on). whois only shows which name servers a domain is delegated to; the records those servers answer with have to be queried with one of those tools.
6. Attacks
The registration data returned by the whois service often includes contact information for the person responsible for registering a domain, which matters when planning a social engineering attack.
Imagine that, during a query, it is possible to identify the full name of the person responsible for a domain, together with an address and a contact phone number.
With that, it is possible to:
- Impersonate the responsible person;
- Send an email to someone linked to the domain as if it came from the owner;
- Knowing the authoritative DNS servers, query them for the domain's MX records and infer where the analysed company's email is hosted; and so on.
In practice the registrant fields are redacted in most public records today, so this pivot frequently yields only the registrar's abuse contact and the name servers; the name servers identify who operates the DNS, and the mail hosting still has to be confirmed with an MX lookup.
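As an added example (not code from the page or from the whois project), the following Python script shows how the fields listed in section 1 and the pivots discussed in this section are pulled out of raw whois output in practice. It parses the wikipedia.org registry record from section 2 (trimmed to the fields it uses) and a constructed registrar-style record with partly redacted registrant data, and reports the registrar, the three dates and the days left until expiry, the name servers and the domain that operates them, whether the EPP transfer lock is set, the DNSSEC status, the abuse contact, and which registrant fields are actually usable. The redaction markers, the "last two labels" rule for the name-server operator, the reference date 2026-02-15 (taken from the record's "Last update" marker) and the second sample are assumptions of this example.

```python
"""Parse whois output and derive the reconnaissance facts this page lists.

Added example, not code from the page or from the whois project. Sample 1 is
the wikipedia.org registry record from section 2 (trimmed); sample 2 is
constructed. REDACTION_MARKERS and the "last two labels" operator rule are
simplifying assumptions, not a standard.
"""
from datetime import datetime, timezone

# Sample 1: the registry response for wikipedia.org from section 2 of the
# page, minus the terms-of-use text ('whois -H' would hide it anyway).
SAMPLE_REGISTRY = """\
Domain Name: wikipedia.org
Registry Domain ID: REDACTED
Registrar WHOIS Server: http://whois.markmonitor.com
Updated Date: 2025-12-17T09:26:13Z
Creation Date: 2001-01-13T00:12:14Z
Registry Expiry Date: 2027-01-13T00:12:14Z
Registrar: MarkMonitor Inc.
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: ns0.wikimedia.org
Name Server: ns1.wikimedia.org
Name Server: ns2.wikimedia.org
DNSSEC: unsigned
>>> Last update of WHOIS database: 2026-02-15T05:26:31Z <<<
"""

# Sample 2: constructed (not a real domain, registrar or company), in the
# registrar-record style, with registrant contact data partly redacted.
SAMPLE_REGISTRAR = """\
Domain Name: example-target.test
Registrar: Example Registrar LLC
Registry Expiry Date: 2026-03-01T00:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Target Ltda
Registrant Email: Please query the RDDS service of the Registrar of Record
Name Server: NS1.CLOUDNS.NET
Name Server: NS2.CLOUDNS.NET
"""

MULTI_VALUED = {"Name Server", "Domain Status"}            # keys that legitimately repeat
REDACTION_MARKERS = ("REDACTED", "PRIVACY", "PLEASE QUERY")  # assumed placeholder wording
RECORD_DATE = datetime(2026, 2, 15, tzinfo=timezone.utc)   # date of sample 1's "Last update"


def parse_whois(text):
    """Turn 'Key: value' lines into a dict; repeatable keys collect into lists.
    Banners, '>>> ... <<<' markers and legal text have no 'Key: value' shape
    and are skipped, so raw 'whois' output can be fed in unchanged."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(">>>") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not key or not value:
            continue
        if key in MULTI_VALUED:
            record.setdefault(key, []).append(value)
        elif key not in record:            # keep the first occurrence only
            record[key] = value
    return record


def parse_date(value):
    """Parse the ISO-8601 UTC timestamps registries emit, e.g. 2027-01-13T00:12:14Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def recon_summary(record, today=RECORD_DATE):
    """Reduce a parsed record to the facts sections 1 and 6 of the page use:
    who/when, who operates the DNS (start of the mail-hosting pivot, which then
    needs an MX lookup), whether the domain is transfer-locked, and which
    registrant fields survived redaction."""
    statuses = [s.split()[0] for s in record.get("Domain Status", [])]
    name_servers = [ns.lower() for ns in record.get("Name Server", [])]
    # Simplification: operator = last two labels of each name server
    # (wrong for ccSLDs such as co.uk, where a public-suffix list is needed).
    ns_operators = sorted({".".join(ns.split(".")[-2:]) for ns in name_servers})
    expiry = record.get("Registry Expiry Date")
    usable_contacts = {
        k: v for k, v in record.items()
        if k.startswith("Registrant")
        and not any(m in v.upper() for m in REDACTION_MARKERS)
    }
    return {
        "registrar": record.get("Registrar"),
        "created": record.get("Creation Date"),
        "updated": record.get("Updated Date"),
        "expires": expiry,
        "days_to_expiry": (parse_date(expiry) - today).days if expiry else None,
        "name_servers": name_servers,
        "dns_operator_domains": ns_operators,
        "transfer_locked": "clientTransferProhibited" in statuses,
        "dnssec": record.get("DNSSEC", "unknown").lower(),
        "abuse_contact": record.get("Registrar Abuse Contact Email"),
        "registrant_fields": usable_contacts,
    }


if __name__ == "__main__":
    import json
    for sample in (SAMPLE_REGISTRY, SAMPLE_REGISTRAR):
        print(json.dumps(recon_summary(parse_whois(sample)), indent=2))
```

To use it on a live target, pipe the client's output in: `whois -H example.org` (the `-H` flag drops the legal disclaimer) and pass the captured text to `parse_whois`. For the wikipedia.org record the summary shows no registrant fields at all, a transfer lock in place and DNSSEC unsigned; for the constructed record only the organisation name is usable, which is the realistic outcome of the social-engineering pivot described above.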