---
tags: WhoIs, Cyber Shujaa
---

tags: `WhoIs` `Cyber Shujaa`

# Domain Lookup 🔍

![](https://i.imgur.com/sVTYLIv.jpg)

In Linux, the **whois** command line utility is a WHOIS client for communicating with a WHOIS server (or database host), which listens for requests on the well-known port number 43 and stores and delivers database content in a human-readable format.

The ***whois*** package provides a command line client for the WHOIS protocol, which queries online servers for information such as contact details for domains and IP address assignments. For most queries, it can pick the appropriate WHOIS server.

Most modern versions of whois try to guess the right server to ask for the specified object. If no guess can be made, whois will connect to whois.networksolutions.com for NIC handles or whois.arin.net for IPv4 addresses and network names.

### Installation:

To use the package, it must be installed on your Linux box. We use the command below to install it on Linux (*Debian distributions*):

![](https://i.imgur.com/302kJjU.png)

You can test that the application is successfully installed by checking the package help as below:

![](https://i.imgur.com/6DxBwpv.png)

- Whois uses the syntax below:

![](https://i.imgur.com/ezDKUGE.png)

### Use Case:

You can use the whois command with domain names or Internet Protocol (IP) addresses. Each of these returns a slightly different set of information.

*We will attempt a simple search with the Cyber Shujaa domain.*

![](https://i.imgur.com/pqVDNUk.png)

The details in the above listing are easy to understand. Contact details, registration dates, and so on are some of the details we see about the registry. But there are a few entries that are not immediately recognizable. They include:

1. **The Internet Assigned Numbers Authority (IANA):** oversees and coordinates things like top-level Domain Name System zones, IP protocol addressing systems, and the list of registries. This registry is number 299, which is indicated in the listing as “IANA ID: 468.”
2. The **“domain status” lines**: show the state the domain is in, and it can be in several states simultaneously. The states are defined in the Extensible Provisioning Protocol. Some of these are rarely seen, and others are restricted to certain situations, such as legal disputes. The following states are attached to this registration:

   > - **clientTransferProhibited**: The domain’s registry will reject requests to transfer the domain from the current registrar to another.
   > - **clientDeleteProhibited**: The domain’s registry will reject requests to delete the domain.
   > - **clientUpdateProhibited**: The domain’s registry will reject requests to update the domain.

3. **“DNSSEC”** stands for *Domain Name System Security Extensions*, a scheme that allows a DNS name resolver to cryptographically check that the data it received from the DNS zone is valid and hasn’t been tampered with.

A search for an IP address gives a slightly different set of information.

*We will search the IP address of Example.com for this test.*

![](https://i.imgur.com/cMBeUEZ.png)

----

### Bonus: ✨

There are other online tools that can help you achieve similar results to the above when enumerating domain details. Below is a list of the most common sites:

- https://lookup.icann.org/en
- https://whois.domaintools.com/
- https://who.is/
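
The port 43 exchange and the "IANA ID", "domain status" and "DNSSEC" entries walked through above can also be handled in a short script. This is an added example, not part of the original write-up: it performs the WHOIS query over TCP, parses those three fields, and reports which registrar locks or DNSSEC signing are absent. The sample response is constructed, the function names are hypothetical, and the `Key: value` layout with `signedDelegation`/`unsigned` DNSSEC values is assumed to follow the common gTLD WHOIS output format.

```python
import socket

# Constructed sample response (not real registry data), in the common
# "Key: value" layout used by gTLD WHOIS servers (assumption).
SAMPLE = """\
Domain Name: EXAMPLE.TEST
Registrar IANA ID: 9999
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
DNSSEC: unsigned
"""

LOCKS = ("clientTransferProhibited", "clientDeleteProhibited",
         "clientUpdateProhibited")

def whois_query(name, server, port=43, timeout=10):
    """WHOIS exchange: send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:          # server closes the connection when done
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse(text):
    """Collect the fields discussed above; status may repeat, so keep a list."""
    rec = {"iana_id": None, "status": [], "dnssec": None}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "registrar iana id":
            rec["iana_id"] = value
        elif key == "domain status" and value:
            rec["status"].append(value.split()[0])  # drop the trailing URL
        elif key == "dnssec":
            rec["dnssec"] = value
    return rec

def audit(rec):
    """Report which protective settings are absent from a parsed record."""
    missing = [f"missing lock: {lock}" for lock in LOCKS if lock not in rec["status"]]
    if (rec["dnssec"] or "").lower() != "signeddelegation":
        missing.append("DNSSEC not signed")
    return missing

if __name__ == "__main__":
    print(audit(parse(SAMPLE)))
```

To check a domain you manage, pass the text returned by `whois_query(domain, server)` to `parse()` in place of `SAMPLE`, where `server` is the WHOIS host responsible for that domain's TLD.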