Querying the domain registration information

After you know the target domain name, the first thing you would want to do is query the Whois database about that domain to look for the domain registration information. The Whois database will provide information about the DNS server and the contact information of a domain.

Whois is a protocol for searching internet registrations, databases for registered domain names, IPs, and autonomous systems. This protocol is specified in RFC 3912 (https://www.ietf.org/rfc/rfc3912.txt).

By default, Kali Linux already comes with a whois client. To find out the Whois information for a domain, just type the following command:

    # whois example.com
  

The following is the result of the Whois information:

    Domain Name: EXAMPLE.COM
       Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
    Sponsoring Registrar IANA ID: 376
       Whois Server: whois.iana.org
       Referral URL: http://res-dom.iana.org
       Name Server: A.IANA-SERVERS.NET
       Name Server: B.IANA-SERVERS.NET
       Updated Date: 14-aug-2015
       Creation Date: 14-aug-1995
       Expiration Date: 13-aug-2016
    >>> Last update of whois database: Wed, 03 Feb 2016 01:29:37 GMT <<<
  

From the preceding Whois result, we can get the information of the DNS server and the contact person of a domain. This information will be useful in the later stages of penetration testing.

Besides using the command-line Whois client, the Whois information can also be collected via the following websites, which provide the whois client:

• www.whois.net
• www.internic.net/whois.html

You can also go to the top-level domain registrar for the corresponding domain:

• America: www.arin.net/whois/
• Europe: www.db.ripe.net/whois
• Asia-Pacific: www.apnic.net/apnic-info/whois_search2

After getting information from the Whois database, next we want to gather information about the DNS entries of the target domain.