1
00:00:00,300 --> 00:00:06,140
OK, so the next tool that we're going to use for passive reconnaissance is called whois, and I'll

2
00:00:06,150 --> 00:00:07,680
call it whois enumeration.

3
00:00:07,680 --> 00:00:13,110
Because we are using whois to enumerate information, which is me, which means pretty much is gathering

4
00:00:13,110 --> 00:00:13,770
information.

5
00:00:14,260 --> 00:00:20,340
So this comes with this helpful tool called whois and lets you gather all kinds of information about

6
00:00:20,340 --> 00:00:20,880
information.

7
00:00:20,880 --> 00:00:28,050
And that includes things like, you know, whois registries for what their name servers are, information

8
00:00:28,050 --> 00:00:34,380
on, you know, if they have DNS security in place, you can figure out who the owner is, registration

9
00:00:34,380 --> 00:00:35,250
information.

10
00:00:35,430 --> 00:00:37,230
And, you know, just more things.

11
00:00:37,230 --> 00:00:38,700
And it's very useful.

12
00:00:38,820 --> 00:00:40,650
It's definitely something that you want to do.

13
00:00:40,650 --> 00:00:44,850
Like if you're on an external assessment, you just in your information gathering stage.

14
00:00:45,010 --> 00:00:46,100
So let's go check it out.

15
00:00:46,440 --> 00:00:50,470
OK, so when we're in Kali Linux, the first thing that you want to do is open up a terminal and

16
00:00:50,470 --> 00:00:54,110
then just type in whois. You can hit enter and see all the different options.

17
00:00:54,120 --> 00:00:57,990
We're not going to use, you know, a lot of these, we're really just going to use it to get a little

18
00:00:57,990 --> 00:00:58,770
bit of information.

19
00:00:58,770 --> 00:01:03,090
But you can go ahead and read over these yourself and, you know, figure out some more of the power

20
00:01:03,090 --> 00:01:06,000
behind this tool because you really gather a lot of information.

21
00:01:06,210 --> 00:01:09,390
But all we're going to be using it for is just to get information about a domain.

22
00:01:09,390 --> 00:01:10,860
So let's say we want to do it.

23
00:01:10,890 --> 00:01:14,610
Whois on, you know, google.com.

24
00:01:14,610 --> 00:01:15,890
So let's see what comes up.

25
00:01:15,900 --> 00:01:22,130
So you do that, you type, you just type in whois, the domain, and then you hit enter.

26
00:01:22,320 --> 00:01:24,800
So let's see what we got about google.com.

27
00:01:24,810 --> 00:01:27,890
So we had the domain name domain already.

28
00:01:28,680 --> 00:01:30,150
All kinds of information.

29
00:01:30,690 --> 00:01:39,270
Last time this information was updated, we see the registrar is MarkMonitor and we have an email address

30
00:01:39,270 --> 00:01:40,020
for that.

31
00:01:40,250 --> 00:01:45,090
Let's see, we have their name servers right here, which is pretty common when you see on the Internet.

32
00:01:45,090 --> 00:01:47,610
You'll see this a lot and just a lot more information.

33
00:01:47,610 --> 00:01:53,970
So whois is a decent tool just to gather some like just based on information about a domain that you might

34
00:01:53,970 --> 00:01:57,180
be, you know, conducting a penetration test against.

35
00:01:57,180 --> 00:01:58,310
It's very, very useful.

36
00:01:58,320 --> 00:01:59,730
So I really recommend that you use it.