Bing-IP2hosts – Enumerate hostnames for an IP using bing.com.

This is useful during the reconnaissance phase of a penetration test and for website hosting provider research.

Introduction

Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature is can be used with the IP: parameter in the search query as shown in the image above. Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to discover a larger potential attack surface. Bing-ip2hosts is written in the Bash scripting language for Linux. This uses the mobile interface and no API key is required.

Download

License GPLv3
Author Andrew Horton aka urbanadventurer, MorningStar Security
Download http://www.morningstarsecurity.com/downloads/bing-ip2hosts-0.4.tar.gz
Released December 19th, 2013.

Older Versions
* Version 0.3, September 2012 http://www.morningstarsecurity.com/downloads/bing-ip2hosts-0.3.tar.gz
* Version 0.2, April 2010 http://www.morningstarsecurity.com/downloads/bing-ip2hosts-0.2.tar.gz
* Version 0.1, December 2009 http://www.morningstarsecurity.com/downloads/bing-ip2hosts-0.1.tar.gz

Usage

$ ./bing-ip2hosts bing-ip2hosts (o.4) by Andrew Horton aka urbanadventurer Homepage: http://www.morningstarsecurity.com/research/bing-ip2hosts

Useful for web intelligence and attack surface mapping of vhosts during penetration tests. Find hostnames that
share an IP address with your target which can be a hostname or an IP address. This makes use of Microsoft
Bing.com ability to seach by IP address, e.g. "IP:210.48.71.196".
Usage: ./bing-ip2hosts [OPTIONS] <IP|hostname>
OPTIONS are: -n Turn off the progress indicator animation -t <DIR> Use this directory instead of /tmp. The directory must exist. -i Optional CSV output. Outputs the IP and hostname on each line, separated by a comma. -p Optional http:// prefix output. Useful for right-clicking in the shell.

Example usage and output

$ ./bing-ip2hosts treshna.com
[ 210.48.71.196 | Scraping 10-19 of 27 | Found 13 | \ ]
annaklekottka.com
ignavus.net
ladychatterley.co.nz
massivenz.com
nzbridgecongress.co.nz
nzcps.treshna.com
stac.treshna.com
www.cricklewoodhouse.co.nz
www.dressfordialogue.com
www.glaciervalley.co.nz
www.hurunuihotel.co.nz
www.ignavus.net
www.kokiribnb.co.nz
www.massivenz.com
www.nzkiosk.co.nz
www.zqnbalmoral.co.nz