Querying the domain registration information
After you know the target domain name, the first thing you would want to do is query the Whois database about that domain to look for the domain registration information. The Whois database will provide information about the DNS server and the contact information of a domain.
Whois is a protocol for searching internet registrations, databases for registered domain names, IPs, and autonomous systems. This protocol is specified in RFC 3912 (https://www.ietf.org/rfc/rfc3912.txt).
By default, Kali Linux already comes with a whois client. To find out the Whois information for a domain, just type the following command:
# whois example.com
The following is the result of the Whois information:
Domain Name: EXAMPLE.COM
Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
Sponsoring Registrar IANA ID: 376
Whois Server: whois.iana.org
Referral URL: http://res-dom.iana.org
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
Updated Date: 14-aug-2015
Creation Date: 14-aug-1995
Expiration Date: 13-aug-2016
>>> Last update of whois database: Wed, 03 Feb 2016 01:29:37 GMT <<<
From the preceding Whois result, we can get the information of the DNS server and the contact person of a domain. This information will be useful in the later stages of penetration testing.
Besides using the command-line Whois client, the Whois information can also be collected via the following websites, which provide the whois client:
You can also go to the top-level domain registrar for the corresponding domain:
- America: www.arin.net/whois/
- Europe: www.db.ripe.net/whois
- Asia-Pacific: www.apnic.net/apnic-info/whois_search2
After getting information from the Whois database, next we want to gather information about the DNS entries of the target domain.