In hacking activities, "footprinting" is referred to as the activity of collecting information of a victim network as much as possible. It can be the collection of information of the operating systems (type, version, etc), services running on the servers, vulnerabilities on the network and all other basic information about the network. Some of the footprinting activities can be performed by running queries to search for the WHOIS and DNS information.
What is WHOIS? WHOIS is described as the query and response protocol to query the database that contains the records of registered users of an Internet resource.
There are many WHOIS Lookup Tools available both as PC applications and online tools. Some of the online tools are:
Whois
Better Whois
Whois Lookup
Domain Tools
WHOIS
TAMOS
NetCraft
WHOIS databases are maintained by Regional Internet Registries (RIRs). The RIRs are AfriNIC, ARIN, APNIC, LACNIC and RIPE NCC. When queries are made, information that may be gained by the hackers/attackers are the address of the organization, the contact details (telephone numbers, email addresses) of the administrative and technical personnel, the name server records and IP address of the domain. And, this information can be very important in the "footprinting" activity by the attacker before a structured and planned attack is made over a targeted victim network.
