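WHOIS domain lookup
A WHOIS lookup lets you trace the ownership and tenure of a domain name. The cell below does something narrower: it resolves each domain to an IP address and asks an IP-information API who operates that address, which is not the same as the domain's registration record.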

In [23]:
import socket
import requests

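def get_domain_info(domain):
    """Resolve *domain* to an IPv4 address and print hosting details for that IP.

    Despite the "WHOIS" wording in the output, no WHOIS registry is queried.
    The resolved IP is looked up on ipapi.co, so the organisation, city and
    country describe the network serving that address (frequently a CDN or
    cloud provider), not the registrant of the domain.

    Args:
        domain: Host name to resolve, e.g. "python.org".

    Returns:
        None. Results and errors are printed.
    """
    try:
        # Active step: a DNS query is sent for the name. It is low-risk, but
        # the resolver sees it. gethostbyname returns a single IPv4 address.
        ip = socket.gethostbyname(domain)
        print(f"\nIP Address: {ip}")

        # Print domain name
        print(f"Domain: {domain}")

        # Passive with respect to the target: the lookup goes to a free
        # third-party API, which learns the IP being investigated.
        # The timeout stops one stalled request from hanging the whole run.
        response = requests.get(f"https://ipapi.co/{ip}/json/", timeout=10)
        if response.status_code == 200:
            data = response.json()
            print(f"Organisation: {data.get('org', 'Unknown')}")
            print(f"City: {data.get('city', 'Unknown')}")
            print(f"Country: {data.get('country_name', 'Unknown')}")
        else:
            # Every non-200 status lands here and the code is not shown.
            # NOTE(review): on a free endpoint this may be rate limiting;
            # inspect response.status_code when every lookup fails.
            print("Could not fetch WHOIS data.")
    except Exception as e:
        # Best-effort: report DNS, HTTP or JSON failures and let the caller
        # carry on with the next domain.
        print(f"Error: {e}")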

# Example run against a handful of publicly reachable domains.
for domain in [
    "python.org",
    "google-gruyere.appspot.com",
    "oracle.com",
    "google.co.uk",
    "bbc.co.uk",
    "cdjapan.co.jp",
]:
    get_domain_info(domain)


IP Address: 151.101.128.223
Domain: python.org
Could not fetch WHOIS data.

IP Address: 142.250.151.153
Domain: google-gruyere.appspot.com
Could not fetch WHOIS data.

IP Address: 138.1.33.162
Domain: oracle.com
Could not fetch WHOIS data.

IP Address: 142.250.151.94
Domain: google.co.uk
Could not fetch WHOIS data.

IP Address: 151.101.64.81
Domain: bbc.co.uk
Could not fetch WHOIS data.

IP Address: 202.234.167.56
Domain: cdjapan.co.jp
Could not fetch WHOIS data.


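For some reason, bbc.co.uk says it's hosted in Montreal, Canada, but when I search for the location by IP address, the result is San Francisco, California. A likely explanation is that the address belongs to a CDN or other shared front end: IP geolocation databases record where a network block is registered or estimated to be, they often disagree with each other, and neither answer need be where the content is actually served from.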

In [22]:
import requests

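def black_box_recon(url):
    """Fetch *url* and print the Server and Content-Type response headers.

    requests follows redirects by default, so the headers printed belong to
    the final response (for example the HTTPS site an http:// URL redirects
    to), not necessarily to the URL that was passed in.

    The Server header is self-reported. It can be missing, rewritten by a CDN
    or reverse proxy, or deliberately misleading, so treat it as a hint for
    asset inventory and not as proof of the software or version in use.

    Args:
        url: Absolute URL to request, including the scheme.

    Returns:
        None. Findings and errors are printed.
    """
    try:
        # The timeout stops an unresponsive host from stalling the whole loop.
        response = requests.get(url, timeout=10)
        print("\nBlack Box Findings:")
        print(f"server: {response.headers.get('Server', 'Unknown')}")
        print(f"Content-type: {response.headers.get('Content-Type', 'Unknown')}")
    except Exception as e:
        # Best-effort: report the failure and let the caller move to the next URL.
        print(f"Error: {e}")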

# Sample of prior knowledge about a target.
# NOTE(review): nothing in the loop below reads this dict.
# CVE-2021-41773 concerns Apache HTTP Server 2.4.49, not the whole 2.4 line,
# and a matching Server banner alone does not confirm exposure; verify the
# exact version and patch level from the asset owner's side.
known_info = {
    "server": "Apache 2.4",
    "vulns": "Check CVE-2021-41773",
}

for url in [
    "http://python.org",
    "http://google-gruyere.appspot.com",
    "http://oracle.com",
    "http://google.co.uk",
    "http://bbc.co.uk",
    "http://cdjapan.co.jp",
]:
    black_box_recon(url)


Black Box Findings:
server: Unknown
Content-type: text/html; charset=utf-8

Black Box Findings:
server: Google Frontend
Content-type: text/html; charset=utf-8

Black Box Findings:
server: AkamaiGHost
Content-type: text/html

Black Box Findings:
server: gws
Content-type: text/html; charset=ISO-8859-1

Black Box Findings:
server: BBC-GTM
Content-type: text/html

Black Box Findings:
server: nginx/1.2.1
Content-type: text/html;charset=UTF-8
