It is a protocol used to obtain information on the owner of internet resources from the database such as a domain name or an IP address.
We will simply Google the link http://whois.domaintools.com to enter our target domain name and then click the Search button.
The search will return detailed information on the website such as domain name info, contact email, domain status, and more. Whenever we register a certain domain, we provide information on addresses and other details. Most of these details can be obtained with a quick search. Even though it is mostly basic information but it will help us understand more about our target, their IP address, and the name server being used which can be later used to gain access.
Netcraft
Using the link https://www.netcraft.com, we can access the website called Netcraft and find out details on our target website. The search results will display information that includes Site title, rank, description, keyword, domain name, domain registrar, IP address, etc.
Robtex
Using the link https://www.robtex.com/, we will access the website called Robtex and launch a search query for our target website. It will return information about name servers, DNS servers, mail servers, records, and more.
Discovering Subdomain
Most websites have subdomains for their users. For example, using the subdomain mail.google.come, Google users can access Gmail. When companies want to introduce new features, they often test them via beta version containing the subdomain. For example, beta.facebook.com corresponds to the beta version of Facebook. These contain experimental features which offer a great opportunity for hackers to find exploits in them. But if your target website does not advertise its subdomain then it can be known using a tool called knock. After downloading this tool, you can search for your target website's sub domain. This information is very useful as you can gain access to the target website through their sub domain as well. If we find a vulnerability in the subdomain, we can take complete access to the target website.