: Try this brute force script in Linux: It uses reverse DNS lookup (one name per IP), so it can't find virtual hosts (when at one IP more then one name). vi /tmp/dnsscan.sh Type i and paste

@Karen161

Try this brute force script in Linux:
It uses reverse DNS lookup (one name per IP), so it can't find virtual hosts (when at one IP more then one name).

vi /tmp/dnsscan.sh


Type i and paste this:

#!/bin/bash
IPPFX=
for i in `seq 1 255` ; do LIST="$LIST ${IPPFX}.$i" ; done
for i in $LIST ; do
ENTRY="`host $i`"
[ $? -ne 0 ] && continue
ENTRY=`echo "$ENTRY" l sed -e 's/.* //' -e 's/.$//'`
echo -e "$it$ENTRY"
done


Then type [Esc]:wq and run

chmod 777 /tmp/dnsscan.sh


Then:

/tmp/dnsscan.sh your.ipv4.address


Replace your.ipv4.address with IPv4 without last octet!

For example www.wikipedia.org have next IP address: 208.80.152.201, so you need execute this:

/tmp/dnsscan.sh 208.80.152


Result will be:

208.80.152.1 vrrp-gw-100.wikimedia.org
208.80.152.2 rr.pmtpa.wikimedia.org
208.80.152.3 upload.pmtpa.wikimedia.org
208.80.152.5 m.pmtpa.wikimedia.org
208.80.152.6 owa.wikimedia.org
208.80.152.7 payments.wikimedia.org
208.80.152.10 lvs-svc-test.wikimedia.org
... so on


If you need to find virtual hosts try Bing.com with real IP:

Example: www.bing.com/search?q=**IP:208.80.152.201

Vote Up Vote Down

Login to post a comment!