whois $domain && whois -h $rhost $domainnc -vn $rhost 43nmap -sV -sC -p43 $rhostwhois $domain
whois $ipwhois -h $rhost $domain
whois -h whois.verisign-grs.com $domain# ARIN (North America)
whois -h whois.arin.net $ip
# RIPE (Europe, Middle East, Central Asia)
whois -h whois.ripe.net $ip
# APNIC (Asia Pacific)
whois -h whois.apnic.net $ip
# LACNIC (Latin America)
whois -h whois.lacnic.net $ip
# AFRINIC (Africa)
whois -h whois.afrinic.net $ip# Get registrar info
whois $domain | grep -i "registrar"
# Get nameservers
whois $domain | grep -i "name server"
# Get admin contact
whois $domain | grep -i "admin"
# Get creation/expiry dates
whois $domain | grep -i "date"Some WHOIS servers may be vulnerable to command injection
# Test for injection
whois -h $rhost '$(id)'
whois -h $rhost '; ls -la'# Gather email addresses for phishing
whois $domain | grep -i "@"
# Find related domains (same registrant)
whois $domain | grep -i "registrant"# Find other domains owned by same entity
# Use online tools: viewdns.info, domaintools.com- ViewDNS: https://viewdns.info/whois/
- DomainTools: https://whois.domaintools.com/
- ICANN Lookup: https://lookup.icann.org/