Bing-IP2hosts – Enumerate hostnames for an IP using bing.com.
This is useful during the reconnaissance phase of a penetration test and for website hosting provider research.
Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature is can be used with the IP: parameter in the search query as shown in the image above. Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to discover a larger potential attack surface. Bing-ip2hosts is written in the Bash scripting language for Linux. This uses the mobile interface and no API key is required.
Author Andrew Horton aka urbanadventurer, MorningStar Security
Released December 19th, 2013.
* Version 0.3, September 2012 http://www.morningstarsecurity.com/downloads/bing-ip2hosts-0.3.tar.gz
* Version 0.2, April 2010 http://www.morningstarsecurity.com/downloads/bing-ip2hosts-0.2.tar.gz
* Version 0.1, December 2009 http://www.morningstarsecurity.com/downloads/bing-ip2hosts-0.1.tar.gz
$ ./bing-ip2hosts bing-ip2hosts (o.4) by Andrew Horton aka urbanadventurer Homepage: http://www.morningstarsecurity.com/research/bing-ip2hosts Useful for web intelligence and attack surface mapping of vhosts during penetration tests. Find hostnames that share an IP address with your target which can be a hostname or an IP address. This makes use of Microsoft Bing.com ability to seach by IP address, e.g. "IP:220.127.116.11". Usage: ./bing-ip2hosts [OPTIONS] <IP|hostname>
OPTIONS are: -n Turn off the progress indicator animation -t <DIR> Use this directory instead of /tmp. The directory must exist. -i Optional CSV output. Outputs the IP and hostname on each line, separated by a comma. -p Optional http:// prefix output. Useful for right-clicking in the shell.
Example usage and output
$ ./bing-ip2hosts treshna.com
[ 18.104.22.168 | Scraping 10-19 of 27 | Found 13 | \ ]