Whois is a protocol that supports querying of data related to entities that register public domains and other Internet resources. Information about such entities is available to anyone who queries databases using Whois. A Whois query can be executed using a command-line utility, but there are also web apps available that enable users to run queries. A typical query will be conducted on a public domain like comptia.org in order to reveal information about that domain, and in turn, the organization that owns it.

Whois queries can retrieve information such as:

  • The name of the domain's registrant.
  • The name of the registrant organization.
  • The mailing address of the registrant.
  • The phone number of the registrant.
  • The email address of the registrant.
  • The same details (name, organization, mailing address, phone number, and email address) for the domain's administrative and technical contacts.
  • Identifying information about the domain's registrar.
  • The status of the domain, including client and server codes that concern renewal, deletion, transfer, and related information.
  • The name servers the domain uses.

Whois queries are a great tool for OSINT because they can tell you a lot about the target organization and how its domain is configured. You can use this information to take more targeted actions against the domain's contacts, as well as the underlying architecture of the domain.

Whois and Privacy Issues

As you might expect, attackers, especially spammers, use Whois data to target their operations. Likewise, Whois data raises issues of privacy, as queried data can reveal personally identifiable information (PII), not to mention information about the organization that an attacker can leverage. The rise of data privacy regulations like the General Data Protection Regulation (GDPR) has led to increased scrutiny of the Whois protocol. The Internet Corporation for Assigned Names and Numbers (ICANN) has stated that they aim to "reinvent" Whois to be more in line with recent privacy concerns. This may mean that data that was once publicly available through Whois no longer will be; however, the exact details of the proposed changes are not known at this time.
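As an added example (not part of the original text), the following script audits a Whois record for your own domain: it parses the fields listed earlier, reports contact data that is still publicly readable, and flags missing transfer, delete, or update lock status codes. The sample record, the masking heuristic, and the function names are assumptions constructed for illustration; real registries vary in field naming.

```python
import re

# Constructed sample ("Key: Value" layout); all values are made up, not real data.
SAMPLE = """\
% Constructed record for illustration
Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Name: Jane Doe
Registrant Phone: +1.5555550100
Registrant Email: jane.doe@example.com
Admin Email: REDACTED FOR PRIVACY
Tech Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""

ROLES = ("registrant", "admin", "tech")
PII_FIELDS = ("name", "street", "phone", "email")
# Heuristic (assumption): wording that privacy/proxy services commonly use.
MASKED = re.compile(r"redacted|privacy|withheld|not disclosed", re.I)

def parse_whois(text):
    """Return {lowercased key: [values]}; keys such as Name Server repeat."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue  # comments, banners and footers carry no fields
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def exposed_pii(record):
    """List (field, value) pairs for contact data that is not masked."""
    return [(f"{role} {field}", value)
            for role in ROLES for field in PII_FIELDS
            for value in record.get(f"{role} {field}", [])
            if not MASKED.search(value)]

def missing_locks(record, wanted=("transferprohibited", "deleteprohibited", "updateprohibited")):
    """Return lock types with neither a client* nor a server* status code set."""
    codes = [v.split()[0].lower() for v in record.get("domain status", [])]
    return [w for w in wanted if not any(c.endswith(w) for c in codes)]

if __name__ == "__main__":
    print(exposed_pii(parse_whois(SAMPLE)), missing_locks(parse_whois(SAMPLE)))
```

To check a live record, pass the text output of the `whois` command-line utility to `parse_whois` in place of `SAMPLE`.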