Always A Bad Day For Adversaries

Discover All Websites Hosted on an IP Address

There have been many times I’ve worked to discover all websites being hosted on a single host address (e.g., IP address).  This required some effort and none of my techniques generated anything I considered comprehensive or authoritative.  Usually only a list good enough to get my analysis to the next step.

I found this very useful post today on how to accomplish that exact task, easily.  There is also a bash script posted to do this from the command line.

http://robert.penz.name/722/howto-find-all-websites-running-on-a-given-ip-address/

When I saw the post I immediately recognized how obvious this is.  Of course search engines know this information!  They crawl the web constantly visiting every website and they must have a website-IP mapping.  But, until know I didn’t know they exposed this mapping.

The post shows to how do it in Bing – simply use the following syntax:

ip:XXX.XXX.XXX.XXX

Click here to see an example using current IP address of this website, activeresponse.org: http://www.bing.com/search?q=ip%3A69.195.124.131&go=Submit+Query&qs=bs&form=QBRE

 

A search to reveal websites hosted on an IP address

A search to reveal websites hosted on an IP address

One challenge I see of this technique is that Bing does not expose the timestamp of this information.  Of course Bing would do some caching of information for performance purposes and as such I cannot guarantee that all of these sites are still hosted on that same IP address.  Given the nature of dynamic hosting and cloud services websites can move around pretty quickly depending on their hosting service.

Therefore, and as I’ve cautioned previously on this blog, ensure you know your data source and their biases and limitations.  In this case the data may be cached and out-of-date.

 

 

On the other hand, having a cache showing what was hosted where in the past is also helpful.

But, it’s a pretty cool and helpful capability to have.

Let me know if you have any other easy ways to accomplish this task!  I tried the task with other search engines but was unsuccessful.

DISCLAIMER: I am employed by Microsoft

Previous

What It Takes to Fight the Hackers

Next

15 Things Wrong with Today’s Threat Intelligence Reporting

1 Comment

  1. Jose

    cool trick

Powered by WordPress & Theme by Anders Norén