April 14, 2008

New toy for foot-printing networks

Before you continue, I'm sorry if you already knew about this, but it happened to catch my tired eyes just today.

While checking my favorite online domain/IP tool-box, I noticed a new feature which was not there before, so I gave it a try. Domaintools.com provides the usual services for tracking changes in DNS and IP information, like many similar tools. The most popular option among pen-testers, IMO, is the reverse-IP lookup, which tells you what domain names are hosted on a given IP address. Well, nothing new so far.

When you're faced with a large block of addresses, it gets boring to check every single IP for hosted domains unless you know some scripting foo to automate the tests. I used to play with my dirty Perl script to check a targeted IP block. It's something like "reverse-ip.pl", and at the end you have a list of the domains hosted on every single IP in the block. Sure, I've used a paid account for this, as free/guest accounts are restricted from this option.

I noticed that the new IP Explore does the same, but in a much more elegant and visual way. And it's pretty quick and clean, as you only send a single request for an entire class C block.
If the results look strange to you, here's how it should be used:

Let's say you want to know about all hosted domains in . You fill in the blank and the result will look like this. The results page divides your given network into 4 blocks, as below:

81 (A-Block) . 91 (B-Block) . 129 (C-Block) . % (D-Block)

Every block is numbered from 0 to 255, as expected. You usually have to focus only on the D-Block (unless you know what you're doing). In the D-Block you'll see some normal numbers among some highlighted numbers. Clean/no highlight means no domain is hosted on that IP (from domaintools.com's point of view! You're always advised to try multiple reverse-IP providers for better/more complete results). As for the highlighted numbers, the lighter the highlight, the lower the number of domains hosted on that specific IP. So in the previous example, you'll find "98" in the D-Block to be the noisiest IP. Clicking on "98" in the D-Block will list the domains hosted on "".
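As an added example (not the author's Perl script and not Domaintools' code), here is how the A/B/C/D block view and its light-to-dark highlight can be reproduced offline from a reverse-IP result set you already hold, e.g. to see how much shared hosting sits on your own /24. The addresses come from the 192.0.2.0/24 documentation range and the domain names are made up; the "medium"/"dark" thresholds are my own choice, not the tool's.

```python
import ipaddress
from collections import Counter

# Constructed reverse-IP results for a /24: IP -> hosted domain names.
# Sample data made up for this example (TEST-NET-1 range, invented names).
SAMPLE_REVERSE_IP = {
    "192.0.2.10": ["example-shop.test"],
    "192.0.2.98": [f"site{i}.test" for i in range(40)],
    "192.0.2.130": ["a.test", "b.test", "c.test", "d.test", "e.test"],
    "192.0.2.200": ["lonely.test"],
}

def split_blocks(network: str):
    """Split a /24 into its A/B/C octets plus the '%' D-Block placeholder."""
    net = ipaddress.ip_network(network, strict=False)
    if net.prefixlen != 24:
        raise ValueError("expected a class C sized (/24) block")
    a, b, c, _ = str(net.network_address).split(".")
    return a, b, c, "%"

def d_block_counts(network: str, reverse_ip: dict) -> Counter:
    """Number of hosted domains for every D-Block value 0..255 of the /24."""
    net = ipaddress.ip_network(network, strict=False)
    counts = Counter()
    for host in net:  # iterates all 256 addresses, .0 and .255 included
        d = int(str(host).rsplit(".", 1)[1])
        counts[d] = len(reverse_ip.get(str(host), []))
    return counts

def highlight_level(count: int, max_count: int) -> str:
    """Map a domain count onto a highlight shade: none, light, medium, dark."""
    if count == 0 or max_count == 0:
        return "none"
    ratio = count / max_count
    if ratio >= 0.66:
        return "dark"
    if ratio >= 0.33:
        return "medium"
    return "light"

def noisiest_d(network: str, reverse_ip: dict):
    """Return (D value, domain count) of the IP hosting the most domains."""
    counts = d_block_counts(network, reverse_ip)
    return counts.most_common(1)[0]

if __name__ == "__main__":
    a, b, c, d = split_blocks("192.0.2.0/24")
    print(f"{a} (A-Block) . {b} (B-Block) . {c} (C-Block) . {d} (D-Block)")
    counts = d_block_counts("192.0.2.0/24", SAMPLE_REVERSE_IP)
    top_d, top_n = noisiest_d("192.0.2.0/24", SAMPLE_REVERSE_IP)
    for value, n in sorted(counts.items()):
        if n:
            print(value, n, highlight_level(n, top_n))
```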

That's it.

