# Built-in tools "Whois" tool - whois tool, let's look at WHOIS. WHOIS is a request and response protocol that follows the RFC 3912 specification. A WHOIS server listens on TCP port 43 for incoming requests. The domain registrar is responsible for maintaining the WHOIS records for the domain names it is leasing. whois will query the WHOIS server to provide all saved records. In the following example, we can see whois provides us with: 1. Registrar WHOIS server 2. Registrar URL 3. Record creation date 4. Record update date 5. Registrant contact info and address (unless withheld for privacy) 6. Admin contact info and address (unless withheld for privacy) 7. Tech contact info and address (unless withheld for privacy) ![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FopKfEuvYrcX8AcRQTPu7%2FImage%201.PNG?alt=media\&token=013cc706-651c-470d-8806-3a229d89b1de) ![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FfUmVMTCe9otTEpVMmXqV%2Fimage%202.PNG?alt=media\&token=33aaf5fd-dde7-48c2-a55e-829daaf3f2df) As we can see above, it is possible to gain a lot of valuable information with only a domain name. After a whois lookup, we might get lucky and find names, email addresses, postal addresses, and phone numbers, in addition to other technical information. At the end of the whois query, we find the authoritative name servers for the domain in question. DNS queries can be executed with many different tools found on our systems, especially Unix-like systems. One common tool found on Unix-like systems, Windows, and macOS is nslookup. In the following query, we can see how nslookup uses the default DNS server to get the A and AAAA records related to our domain. ![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FmfKrdVEytXMLLvEsRJCE%2Fimage%203.PNG?alt=media\&token=c6961682-6c2f-4da2-9494-bf612f4b8e27) The final tool that ships with Unix-like systems is traceroute, or on MS Windows systems, tracert. As the name indicates, it traces the route taken by the packets from our system to the target host. The console output below shows that traceroute provided us with the routers (hops) connecting us to the target system. It's worth stressing that some routers don’t respond to the packets sent by traceroute, and as a result, we don’t see their IP addresses; a \* is used to indicate such a case. ![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2F5wG0aVmIU2iw9hoELrf2%2Fimage%204.PNG?alt=media\&token=c7c0c5b4-12d2-44c5-a454-3a08b6812fda) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://oklencodes.gitbook.io/untitled/offensive-security/red-team-recon-using-osint/built-in-tools.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.