Author Topic: Reverse IP Services - Request for suggestions  (Read 34063 times)


March 08, 2008, 01:44:47 am

tjs

I'm trying to find a decent reverse IP service provider. My current front-runner choice is 'domaintools.com' but I'm curious if anyone here has experience with this technology and if they have any recommendations.

For those of you that are not familiar with reverse IP, the point is to feed it an IP address and have it return all the domain names that point to that IP address. The most common technique of doing this is to maintain a large database of domain names and the addresses that they point to.

From the perspective of malware analysis and malware domains this is very useful. You'll often find a single IP containing a webserver running some browser exploit that is pointed at by many hostnames. Determining an IP from a hostname is trivial, but determining a hostname from an IP is not.

These services are rarely available for free, so before I invest I figured I'd ask around to see if anyone has suggestions. I will write a review of the provider that I end up selecting if/when I get around to subscribing.

Thanks,
TJS

MysteryFCM: Stickified :)

March 08, 2008, 01:51:53 am
Reply #1

MysteryFCM

I tend to use;

http://robtex.com
http://cert.uni-stuttgart.de/stats/dns-replication.php

Once I find a decent method for doing it, I'll also be including this as a feature in hpHosts Online :)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

March 08, 2008, 01:55:15 am
Reply #2

MysteryFCM

Meant to mention, the hpHosts website currently includes rDNS for a single IP;

http://hosts-file.net/?s=85.17.40.13

... and can give you a list of hostnames in the database for a specific IP or a range of IPs

http://hosts-file.net/pest.asp?show=85.17.40.136
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
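
The database approach described in the opening post, with the per-IP and per-range lookups mentioned in Reply #2, as an added example that is not part of the thread and not the code of any service named in it. The observation records, hostnames and function names are constructed for illustration; addresses come from documentation ranges.

```python
"""Reverse-IP index built by inverting forward DNS observations."""
import ipaddress
from collections import defaultdict

# Constructed sample: (hostname, A record) pairs as a crawler or passive-DNS
# sensor might log them. Reserved example domains, RFC 5737 addresses.
OBSERVATIONS = [
    ("www.example.com", "192.0.2.10"),
    ("Landing.example.net.", "192.0.2.10"),  # mixed case, trailing root dot
    ("cdn.example.org", "192.0.2.10"),
    ("cdn.example.org", "198.51.100.7"),     # one name resolving to two IPs
    ("mail.example.com", "192.0.2.200"),
    ("www.example.com", "192.0.2.10"),       # duplicate sighting
    ("broken.example.com", "not-an-ip"),     # malformed record, skipped
]

def normalize(hostname):
    """Lower-case and drop the trailing root dot so duplicates collapse."""
    return hostname.strip().rstrip(".").lower()

def build_index(observations):
    """Invert hostname -> IP records into IP -> set of hostnames."""
    index = defaultdict(set)
    for hostname, addr in observations:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # ignore records whose address does not parse
        index[ip].add(normalize(hostname))
    return index

def hosts_on_ip(index, addr):
    """All hostnames seen pointing at one IP address."""
    return sorted(index.get(ipaddress.ip_address(addr), ()))

def hosts_in_range(index, cidr):
    """Hostnames seen on any IP inside a CIDR block, grouped per IP."""
    net = ipaddress.ip_network(cidr, strict=False)
    ordered = sorted(index.items(), key=lambda kv: (kv[0].version, int(kv[0])))
    return {str(ip): sorted(names) for ip, names in ordered
            if ip.version == net.version and ip in net}

if __name__ == "__main__":
    idx = build_index(OBSERVATIONS)
    print(hosts_on_ip(idx, "192.0.2.10"))
    print(hosts_in_range(idx, "192.0.2.0/24"))
```

The index only knows names that were actually observed resolving to the address, which is why coverage differs between providers.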

March 08, 2008, 03:34:18 am
Reply #3

sowhat-x

...not a service, but a couple of semi-relevant Python-based tools
that I've used from time to time and I thought they might be of interest...
Note though the word semi... as they're mainly used for info gathering
during early pentesting steps, i.e. not malware analysis related directly,
but then again, it all depends on what someone is up to...

Revhosts.py attempts to enumerate virtual hosts for a given IP address.
http://www.revhosts.net/Revhosts
Only under *nix systems... or at least, I've never attempted testing/modding it to work under win32.

And another one, which also works under Windows...
Halberd is a tool aimed at discovering real servers behind virtual IPs.
http://halberd.superadditive.com/

June 25, 2008, 02:51:34 pm
Reply #4

JohnC

As well as what is mentioned:

http://serversniff.net/content.php?do=hostonip
http://www.domainsdb.net/   (currently still offline)
http://whois.webhosting.info/
http://onsamehost.com/
http://www.myipneighbors.com/
http://www.sitedossier.com/ip/127.0.0.1   (Replacing 127.0.0.1 with the IP you want to check.)
http://www.internic.net/whois.html     (If you want to see what name servers are on an IP, select the name servers option from the below url.)

August 05, 2008, 10:02:41 pm
Reply #5

JohnC


October 16, 2008, 05:03:09 pm
Reply #7

JohnC


October 22, 2008, 09:23:19 am
Reply #8

m0sh3


November 11, 2008, 10:07:15 am
Reply #9

sowhat-x


March 31, 2009, 01:10:33 pm
Reply #10

sowhat-x


May 04, 2009, 12:08:18 am
Reply #11

JohnC


May 29, 2009, 08:52:10 pm
Reply #14

JohnC
