Mapping the Network

WHOIS

The best starting point is to perform a WHOIS lookup by using any of the tools available on the Internet. In case you’re not familiar with it, WHOIS is a protocol you can use to query online databases such as Domain Name System (DNS) registries to find out more about domain names and IP address blocks. You may have used WHOIS to check whether a particular Internet domain name was available.

For security testing, WHOIS provides the following information that can give a hacker a leg up in starting a social engineering attack or scanning a network:

  • Internet domain name registration information, such as contact names, phone numbers, and mailing addresses
  • DNS servers responsible for your domain
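From the defender's side, both items can be checked against your own domain's record. The Python sketch below is an added example, not part of the original wiki page: it parses a WHOIS response and reports contact fields that are not privacy-masked, along with the listed DNS servers. The sample response is constructed, and the field names and masking keywords are assumptions, because WHOIS output varies by registry.

```python
import re
import socket

# Constructed sample response (not a real registration), in the common "Key: Value" layout.
SAMPLE = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Registrant Name: Pat Admin
Registrant Street: 100 Main St
Registrant Phone: +1.5555550100
Registrant Email: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Tech Phone: +1.5555550101
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
"""

# Assumed field names and masking keywords; adjust them to your registry's output.
CONTACT_FIELD = re.compile(
    r"^(registrant|admin|tech)\s+(name|phone|email|street|city|postal code)", re.I)
MASKED = re.compile(r"redacted|privacy|withheld|not disclosed", re.I)

def whois_query(server, domain, timeout=10):
    """WHOIS (RFC 3912): connect to TCP 43, send the query plus CRLF, read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while (data := s.recv(4096)):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def audit(response):
    """Return (exposed contact fields, name servers) from a Key: Value WHOIS response."""
    exposed, name_servers = [], []
    for line in response.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue  # skip banners, blank lines and empty fields
        if key.lower() in ("name server", "nserver"):
            name_servers.append(value.lower())
        elif CONTACT_FIELD.match(key) and not MASKED.search(value):
            exposed.append((key, value))
    return exposed, name_servers

if __name__ == "__main__":
    exposed, ns = audit(SAMPLE)
    for key, value in exposed:
        print(f"exposed: {key} = {value}")
    print("name servers:", ", ".join(ns))
```

To audit a live record, pass the output of `whois_query()` for your own domain to `audit()`; the WHOIS server to query depends on the domain's registry.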

Two websites that offer WHOIS tools are DNSstuff (www.dnsstuff.com) and MXToolBox (https://mxtoolbox.com). For example, you can run DNS queries directly from MXToolBox to do the following:

  • Display general domain-registration information.
  • Show which host handles email for a domain (the Mail Exchanger [MX] record).
  • Map the location of specific hosts.
  • Determine whether the host is listed on certain spam blacklists.

The following list shows various lookup sites for other categories: