Even foot-printing/reconnaissance involves various things depending on the type of victim you are planning to attack. In this post we'll discuss how you can extract information such as the domain name, the domain name provider, and the owner of the domain along with his/her name, address, telephone number, etc.
Getting Whois/Domain Information
As mentioned earlier, reconnaissance/foot-printing is the very first step in hacking. It involves gathering all potential information about the target system that may help an attacker plan and execute an attack. It is no bluff that an attacker spends 90% of his/her time on this phase and only then uses his/her technical skills to find and exploit weaknesses in the system according to his/her conclusions.
Whenever we purchase a domain it must be registered. This registry of domain names and their owners is known as the domain information database, and it is shared over the internet so that other users can find out whether a domain is available to them or not. This information is also known as the whois information of a domain. Here you will learn how to extract this information from the database stored over the network. Following is a list of websites and tools that can help you extract this information.
Sam Spade (tool)
Smart Whois (tool)
You'll not require any skills to use these tools. They are as easy to operate as taking a lollipop from a kid; what is really difficult is analyzing the information you get after using them. In Sam Spade, type the name of the domain you want information about, for example www.google.com, and press Enter.
My next choice is Smart Whois, which also works like Sam Spade, but the fact is that usually everyone prefers Sam Spade, and I am no exception. When Sam Spade fetches your results, look on the left side; there you'll find several options. Try them one by one and analyze the results each one has fetched for you.
Next is using websites that can fetch you the same results. As you can see, I mentioned three online tools, but before you read further I must tell you there are thousands of websites and tools that can fetch you whois information; the ones mentioned here are my personal preferences. Type the domain name in the search box of http://robtex.com and press "Lucky", and on http://whois.domaintools.com type the domain name in the search box and press lookup.
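The analysis step described above, seen from the domain owner's side, as an added example that is not part of the original post: the Python below parses a whois record and lists which contact fields are published rather than masked by a privacy service. The sample record, the field-name pattern and the masking keywords are constructed assumptions; real registries vary in how they name fields.

```python
import re

# Constructed sample whois record (not real data); example.com is a reserved domain.
SAMPLE_RECORD = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2010-01-15T00:00:00Z
Registry Expiry Date: 2030-01-15T00:00:00Z
Registrant Name: Jane Doe
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: 123 Sample Street
Registrant Phone: +1.5555550100
Registrant Email: Please query the RDDS service of the Registrar
Admin Email: jane.doe@example.com
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""

# Assumed patterns: contact-role fields that carry personal data, and
# wording commonly used by privacy/proxy services to mask a value.
PERSONAL = re.compile(
    r"^(registrant|admin|tech|billing)\b.*\b"
    r"(name|street|city|phone|fax|email|postal code)$", re.I)
MASKED = re.compile(r"redacted|privacy|proxy|withheld|not disclosed|please query", re.I)

def parse_whois(text):
    """Parse 'Key: Value' lines into {key: [values]}; skip comments and notices."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        # Split on the first colon only, so timestamps in values stay intact.
        key, _, value = line.partition(":")
        if value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def exposed_fields(fields):
    """Return sorted (field, value) pairs for contact data that is not masked."""
    return sorted((k, v) for k, vals in fields.items() if PERSONAL.match(k)
                  for v in vals if not MASKED.search(v))

if __name__ == "__main__":
    for field, value in exposed_fields(parse_whois(SAMPLE_RECORD)):
        print(f"published: {field} = {value}")
```

Any field this reports for your own domain is what a whois lookup hands to anyone; enabling the registrar's privacy option or using role-based contact details removes it from the record.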
Do it yourself and ask if you encounter any problems.