Reverse WHOIS lookup

**blaize** · June 16th, 2005, 09:07 AM

Does anyone know of a way to do a WHOIS search to find all domains registered to a person or company?

If there is no web tool in place for this, is there any way to access raw WHOIS data as a single file or small number of files so that I could write a search tool for it?

***SirDice*** · June 16th, 2005, 09:17 AM

Yep, you can do that..

If you look at the whois info of a domain you'll notice admin contact, technical contact etc..
These "persons" have a nic-hdl and an admin-c, something like AB1234-RIPE,
You can search for these handles just like you can search for a domain..

The easiest way to use whois is to use a *nix system. There are programs for windows too..

**nihil** · June 16th, 2005, 09:58 AM

Well, in theory SirDice is correct however I don't think that you fully understand what you are asking.

1. There must be at least 20 "whois" registrars.
2. They don't all keep their records in the same way.
3. The whole damn shooting match is entirely dependent on the honesty and accuracy of the person registering.
4. There must be at least 25million registered domains?

Now the contractual agreement between ICANN (?) and these registrars is that they must supply you with a copy of their entire databases on request. They are allowed to charge you up to $10,000 for this service (each!!!!).

There are commercial organisations who will charge you for the service, for example:

http://www.name.com/name.com_brand/n...rse-whois.html

Perhaps if you could give us a better idea of your requirement, we could come up with a cost effective solution?

**white_pawn** · June 16th, 2005, 10:53 AM

I have one question though ,how is a normal "whois" different from a "Reversewhois" ??

***SirDice*** · June 16th, 2005, 10:58 AM

There is no "reverse whois".. It's all about searching with the right keywords..

***IKnowNot*** · June 16th, 2005, 11:43 AM

If there is no web tool in place for this, is there any way to access raw WHOIS data as a single file or small number of files so that I could write a search tool for it?

Correct me if I am wrong, but this was very possible a few years ago, maybe less.

Because of the very frequent abuses of the databases, changes were implemented to stymie such actions.

So, why do you wish to do this?

Spammers were using this. Bots would search the databases and hackers were crafting phishing messages to trick admins ( is this considered social engineering? ) to responding with passwords to their web accounts.

Because of this Thread I did a search of my Registrant ID, the Tech ID, and my Admin ID.

Found nothing on Registrant ID and Admin ID, found garbage on Tech ID.

Again, why do you ask?

***SirDice*** · June 16th, 2005, 11:54 AM

whois info, dns records etc.. are non-invasive networkscans..
It can help during pentesting..

**nihil** · June 16th, 2005, 12:15 PM

SirDice said:

whois info, dns records etc.. are non-invasive networkscans..

Exactly!, it can show how far your butt is hanging out of your pants

To add to SirDice's earlier explanation for White_Pawn :

It is normal to have an IP address (like 22.33.44.55) and want to know who that is? So "whois" tells you it is John Doe. You may now wonder how many other domains does John Doe have?

A "reverse whois?" will give that information, subject to the reservations in my previous post.

Actually it is not a "reverse" it is just searching the same database with different parameters. In the first instance you are looking for a 1:1 relationship, and in the second you are looking for a 1:many relationship. If you were scripting a database query you would see this immediately

**Negative** · June 16th, 2005, 02:18 PM

Registrant to IP address is a 1:M, not a 1:1

Bad comparison, nihil

Thread: Reverse WHOIS lookup

Thread Tools

Display

Reverse WHOIS lookup

Posting Permissions