Reverse ip, find domain names on ip address

Question

How and from where websites like this http://www.yougetsignal.com/tools/web-sites-on-web-server/ are getting this information from? How can I develop such tool?

Thank you.

Answer 1

You can use nslookup on the IP. Reverse DNS is defined with the .in-addr.arpa domain.

Example:

nslookup somedomain.com

yields 123.21.2.3 , and then you do:

nslookup 123.21.2.3

this will ask 3.2.21.123.in-addr.arpa and yield the domain name (if there is one defined for reverse DNS).

Answer 2

您可以使用ping -a <ip>或nbtstat -A <ip>

Answer 3

They're just trawling lists of web sites, and recording the resulting IP addresses in a database.

All you're seeing is the reverse mapping of that list. It's not guaranteed to be a full list (indeed more often than not it won't be) because it's impossible to learn every possible web site address.

Answer 4

windows user can just using the simple nslookup command

G:\wwwRoot\JavaScript Testing>nslookup 208.97.177.124
Server:  phicomm.me
Address:  192.168.2.1

Name:    apache2-argon.william-floyd.dreamhost.com
Address:  208.97.177.124


G:\wwwRoot\JavaScript Testing>

http://www.guidingtech.com/2890/find-ip-address-nslookup-command-windows/

if you want get more info, please check the following answer!

https://superuser.com/questions/287577/how-to-find-a-domain-based-on-the-ip-address/1177576#1177576

Answer 5

From about section of Reverse IP Domain Check tool on yougetsignal:

A reverse IP domain check takes a domain name or IP address pointing to a web server and searches for other sites known to be hosted on that same web server. Data is gathered from search engine results , which are not guaranteed to be complete.

Answer 6

This worked for me to get domain in intranet

https://gist.github.com/jrothmanshore/2656003

It's a powershell script. Run it in PowerShell

.\ip_lookup.ps1 <ip>

Answer 7

I'm the creator of host.io , which does something similar, showing you a list of all of the domains hosted on the same IP address (along with a list of domains that link to the domain, and more). For example, here's a list of domains hosted on the same IP as stackoverflow.com: https://host.io/stackoverflow.com

The other answers tell you how to resolve a domain to an IP address, but that's only a small part of how to find all of the domains that are hosted on an IP. To do that you first need to get (or create) a list of all available domain names. There are roughly 250 million currently. The next step is to resolve all of those domains to an IP address. You then need to store all of those domain to IP pairs in a database, and then you can query to get a list of all domains on the same IP. And then you need to do that at a regular frequency to make sure it stays up to date.

To give a full example, let's create a file with 4 domains and resolve them to IP addresses:

$ cat domains.txt
facebook.com
fb.com
stackoverflow.com
stackexchange.com

# Let's resolve the domains to IPs with dig - could use nslookup or similar
$ cat domains.txt | xargs -I% bash -c "dig +short % | tail -n1" > ips.txt
31.13.76.68
31.13.76.68
151.101.129.69
151.101.193.69

# Let's combine the domains and IPs using paste
$ paste domains.txt ips.txt > combined.tsv
$ cat combined.tsv
facebook.com    31.13.76.68
fb.com  31.13.76.68
stackoverflow.com   151.101.129.69
stackexchange.com   151.101.129.69

# Let's create a DB table and import the data, and write a query 
# to find any domains in our dataset that are hosted on the same 
# domain as stackoverflow.com

$ psql $DB_URL

=> create table details (domain text, ip text);
=> \copy details from ~/combined.tsv;

=> select domain from details where ip = (select ip from details where domain = 'stackoverflow.com');
      domain
-------------------
 stackoverflow.com
 stackexchange.com
(2 rows)