01.10.08
rIP - Reverse IP Tool
This is actually pretty cool... It's a new tool (Web-based) that came across the Web Application Security Consortium mailing list. Let's take a look at the tool in action first, example with ComputerDefense.org.
Showing records 1 - 13 out of 13 for www.computerdefense.org (82.165.158.149).
| capri-beauty.com | computerdefense.org |
| hometownssm.com | hometowntoronto.com |
| htregz.com | korahgrads.com |
| numerophobe.com | pythongod.com |
| reguly.org | securitybloggers.net |
| spammailbag.com | themoviegeeks.net |
| topsykrett.com |
Those are indeed the domains I own, that reside on the same IP as ComputerDefense.org. Currently the database is restricted to .com, .net and .org but it's still fairly impressive. A method of determining vhosts is a great asset to penetration testers and security researchers.
The tool is available from a group called CRUSH. It requires that you validate you aren't a bot via a text / colour based CAPTCHA, however after the first time, you are good to make subsequent requests.
I'm going to have fun playing with this tool, taking a look at certain companies / websites and seeing what other domains they host on the same server...
