> ## Documentation Index
> Fetch the complete documentation index at: https://pentest-tools.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# WHOIS Lookup

> Look up domain registration and IP ownership information

## Overview

The WHOIS Lookup tool retrieves registration information for domains and IP addresses from internet registrars, providing ownership details, contact information, and administrative data.

WHOIS Lookup is a **utility tool**: it queries public registration databases. It does not add data to your [Attack Surface](/capabilities/attack-surface) and does not generate [findings](/core/findings/findings). Results are displayed as raw WHOIS output.

## Supported targets

| Target type    | Examples                          |
| -------------- | --------------------------------- |
| **Domain**     | `example.com`, `corp.example.org` |
| **IP address** | `192.168.1.1`, `8.8.8.8`          |

## How it works

The tool queries the appropriate internet registrar for the target:

```bash theme={null}
whois -H <target>
```

For domains, it queries domain registrars (Verisign, ICANN, etc.). For IP addresses, it queries Regional Internet Registries (ARIN, RIPE, APNIC, etc.).

## Information retrieved

### For domains

| Field             | Description                                          |
| ----------------- | ---------------------------------------------------- |
| **Registrar**     | Company that registered the domain                   |
| **Created**       | Domain registration date                             |
| **Expires**       | Domain expiration date                               |
| **Updated**       | Last modification date                               |
| **Name servers**  | DNS servers for the domain                           |
| **Status**        | Domain status codes (clientTransferProhibited, etc.) |
| **Registrant**    | Owner name and organization                          |
| **Admin contact** | Administrative contact details                       |
| **Tech contact**  | Technical contact details                            |

### For IP addresses

| Field                 | Description                    |
| --------------------- | ------------------------------ |
| **Network**           | IP range/CIDR block            |
| **Organization**      | Company that owns the IP block |
| **Country**           | Geographic location            |
| **Address**           | Organization address           |
| **Abuse contact**     | Email for reporting abuse      |
| **Technical contact** | Technical support contact      |

<Note>
  Many domain registrations use privacy protection services (like WhoisGuard or PrivacyProtect) that hide actual registrant details. This is normal and expected.
</Note>

## Follow-up actions

After retrieving WHOIS data:

* **Run [Domain Finder](/tools/domain-finder)**: Discover related domains owned by the same organization
* **Run [Subdomain Finder](/tools/subdomain-finder)**: Enumerate subdomains for discovered domains
* **Check IP ranges**: Use identified CIDR blocks to find additional assets
* **Research contacts**: Use discovered emails for social engineering assessment scope
