Reverse IP Lookup, Discover Hosts Sharing an IP

Carry out a reverse IP lookup to search out all A data related to an IP tackle. The outcomes can pinpoint digital hosts being served from an internet server. Info gathered can be utilized to increase the assault floor when figuring out vulnerabilities on a server.

What’s a Reverse IP Lookup?

The method generally known as Reverse IP Lookup is a solution to establish hostnames which have DNS (A) data related to an IP tackle.

An internet server might be configured to serve a number of digital hosts from a single IP tackle. This can be a frequent method in shared internet hosting environments. It’s also frequent in lots of organizations and might be a wonderful solution to increase the assault floor throughout reconnaissance of an internet server. If for instance, your main goal site seems to be safe, you might be able to achieve entry to the underlying working system by attacking a much less safe website on the identical server. Probably bypassing the safety controls of the goal website.

CIDR Search

Not solely can you utilize the Reverse IP lookup to search out net hosts on a single IP tackle, the question may also be carried out in opposition to a CIDR community block. Search hosts throughout as much as a /24 of public IP addresses.

Free customers are restricted by the variety of outcomes. Registered members can rise up to 500’000 outcomes from a single question utilizing the net kind or 6 million utilizing the API (see under).

Reverse IP Limits

FREE USER Membership
Queries / day 20 500 – 20000
# based mostly on plan
Max # of Outcomes 500 as much as 6 million

With a membership rise up to six million outcomes from a single question. A gold mine of knowledge for safety analysts, community defenders and different cyber safety professionals.

Bing Reverse IP Search

There are often not many causes to make use of Bing, nevertheless, the Bing reverse IP search is usually one. Of the main search engines like google and yahoo, Bing is the one service to supply a search question that resolves hostnames from an IP tackle.

A number of years in the past this was a well-liked methodology for locating digital net hosts from an IP tackle. The search question is straight ahead to make use of. Right here is an instance.


Making a question corresponding to one within the instance will present outcomes from hosts which can be utilizing the ip tackle that matches the question. Bing makes use of its search index to carry out the reverse IP lookup and it might nonetheless be used at this time.

Widespread Use Circumstances for the Reverse IP Lookup

Assault Floor Discovery for Blue & Purple Groups

When attacking a number, one of many first issues you’ll do is try to establish the assault floor of the host. With an understanding of the assault floor, the following step is to enumerate the purposes and companies in use. Following enumeration, a talented penetration tester will be capable of establish weak spots the place vulnerabilities might turn out to be alternatives for exploitation.

Utilizing the Reverse IP Lookup method, it’s doable to establish internet sites on the host that will comprise vulnerabilities to take advantage of. Even when no vulnerabilities are current, data disclosure can be utilized to construct the penetration tester’s data of the goal.

Merely figuring out further hostnames which can be associated to the goal can additional inform the data discovery cycle as the brand new hostnames might have further DNS data that may level to new goal hosts.

Within the above OSINT discovery chart you’ll be able to see {that a} reverse IP lookup is one a part of the data discovery course of.

Incident Response and Menace Intelligence

Whether or not responding to an incident, figuring out a botnet C2, or just monitoring down noisy Web scanning, a reverse IP lookup can establish hostnames related to an attacking system. These findings can additional inform the investigation and result in further data sources.

Oversubscribed Net Internet hosting

When buying website hosting in a shared internet hosting atmosphere, the net host supplier sells small quantities of assets on a server to quite a lot of internet sites. To chop prices, the net host supplier might oversubscribe, that’s, promote extra internet sites than the server can deal with. That is frequent in cheaper shared internet hosting suppliers, the place a single net server can hosts 1000’s of small internet sites. Utilizing the reverse IP tackle lookup you’ll be able to establish what number of websites you’re sharing that host with.

Net Internet hosting Status

Hosts with poor popularity can have an effect on electronic mail supply, blacklisting of your website, and search engine rating. Use the reverse IP tackle lookup service to establish different websites in your host. Subsequent, use investigative instruments to establish if these different hosts are of poor high quality, maybe even spam or phishing websites.

How is the DNS knowledge queried?

The majority of the info for the reverse IP lookup instrument comes from our crawls of the Alexa High 1 Million websites, Search Engines (Bing), Widespread Crawl, Certificates Transparency, and the superb undertaking. The DNS A data complete roughly 90G of plain textual content host data. The question merely searches by this knowledge on our backend programs to search out all hosts that match the IP tackle entered.

Reverse DNS Lookup

A reverse DNS lookup is a bit completely different to the generally used definition for a reverse IP lookup. Within the case of a reverse dns lookup, the IP tackle is checked in opposition to a DNS server to see if there’s a PTR report related to that IP tackle. This PTR report is assigned by the IP tackle block proprietor.

Reverse IP Lookup API

A simple to make use of easy API for fast entry to our backend database. Use curl, python or any net request in opposition to the API url under to obtain the ends in plain textual content format.

Want greater than 500000 outcomes?

Merely use the &web page= parameter on the API request. Will work for as much as 6 million outcomes for a single IP tackle (any membership degree required). page=2&apikey=zzzzzzz

The API is straightforward to make use of and goals to be a fast reference instrument. Like all our IP Instruments there’s a restrict of fifty queries per day and a max of 500 outcomes as a Free person. Take away limits with a Full Membership..

For individuals who must ship extra packets improve to Enterprise Plans.

 Know your Community – Know the Adversary

Know your Goal 

Subsequent degree testing with superior Safety Vulnerability Scanners.

Trusted instruments. Hosted for straightforward entry.

Take away limits with a full membership.

Assess the chance and work on mitigation.

Leave a Reply

Your email address will not be published. Required fields are marked *