HackTricks
Search…
Pentesting
Powered By GitBook
43 - Pentesting WHOIS

Basic Information

WHOIS (pronounced as the phrase "who is") is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information. (From here)
Default port: 43
1
PORT STATE SERVICE
2
43/tcp open whois?
Copied!

Enumerate

Get all the information that a whois service has about a domain:
1
whois -h <HOST> -p <PORT> "domain.tld"
2
echo "domain.ltd" | nc -vn <HOST> <PORT>
Copied!
Notice than sometimes when requesting for some information to a WHOIS service the database being used appears in the response:
Also, the WHOIS service always needs to use a database to store and extract the information. So, a possible SQLInjection could be present when querying the database from some information provided by the user. For example doing: whois -h 10.10.10.155 -p 43 "a') or 1=1#" you could be able to extract all the information saved in the database.

Shodan

    port:43 whois

HackTricks Automatic Commands

1
Protocol_Name: WHOIS #Protocol Abbreviation if there is one.
2
Port_Number: 43 #Comma separated if there is more than one.
3
Protocol_Description: WHOIS #Protocol Abbreviation Spelled out
4
5
Entry_1:
6
Name: Notes
7
Description: Notes for WHOIS
8
Note: |
9
WHOIS (pronounced as the phrase "who is") is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information.
10
11
https://book.hacktricks.xyz/pentesting/pentesting-smtp
12
13
Entry_2:
14
Name: Banner Grab
15
Description: Grab WHOIS Banner
16
Command: whois -h {IP} -p 43 {Domain_Name} && echo {Domain_Name} | nc -vn {IP} 43
Copied!
Last modified 2mo ago