Even if no vulnerabilities are present, information disclosure can be used to build the penetration tester's knowledge of the target. Using the Reverse IP Lookup technique, it is possible to identify web sites on the host that may contain vulnerabilities to exploit. Following enumeration, a skilled penetration tester will be able to identify weak spots where vulnerabilities may become opportunities for exploitation. With an understanding of the attack surface, the next step is to enumerate the applications and services in use. When attacking a host, one of the first things you will do is attempt to identify the attack surface of the host.

Popular Use Cases for the Reverse IP Lookup

Attack Surface Discovery for Blue & Red Teams

Bing uses its search index to perform the reverse IP lookup and it can still be used today. Making a query such as one in the example will show results from hosts that are using the IP address that matches the query. The search query is straightforward to use. Of the major search engines, Bing is the only service to offer a search query that resolves hostnames from an IP address.

A few years ago this was a popular method for finding virtual web hosts from an IP address. There are usually not many reasons to use Bing, however, the Bing reverse IP search is sometimes one. Registered members can get up to 500'000 results from a single query using the web form or 10 million using the API (see below). Search hosts across up to a /24 of public IP addresses.

Free users are limited by the number of results. Not only can you use the Reverse IP lookup to find web hosts on a single IP address, the query can also be performed against a CIDR network block. Potentially bypassing the security controls of the target site. If for example, your primary target web site appears to be secure, you may be able to gain access to the underlying operating system by attacking a less secure site on the same server.
It is also common in many organizations and can be an excellent way to expand the attack surface during reconnaissance of a web server. This is a common technique in shared hosting environments.

To summarize: I built a dirty script that can be used to do bulk IP geolocation.

The technique known as Reverse IP Lookup is a way to identify hostnames that have DNS (A) records associated with an IP address.

A web server can be configured to serve multiple virtual hosts from a single IP address.

Please always use the datatype TEXT for IP addresses. Excel's VLOOKUP can now be used to incorporate this data into existing lists. The following screenshot shows the output of dirtyiplocate.py. In case you want the results to be appended to the output file instead of overwriting it, the --append argument can be used. Provide a text file with IPs you want to locate (the --ips argument) and specify the output CSV file (the --output parameter). As shown in the following screenshot it's pretty easy to use. After that, the geoip2 module needs to be installed (pip install geoip2).

After all that hard work, dirtyiplocate.py is ready to rumble. It's important to use the GeoIP2 Binary format.

Finally, it's time to get dirty: Download the script dirtyiplocate.py from GitHub or clone the whole repository. From the list, select the "GeoLite2 City" database file. Then access your account and select "Download Files" in the left menu. Simply register for an account on their website. They are the company behind GeoIP, which also offers a free offline database. The most generous free services only provide up to 1.000 lookups per week. In that case, it is almost impossible to find a suitable web API. Most of the time I just try to locate a handful of addresses, but this sometimes explodes to up to 5.000. While researching the topic, the first thing that became clear was that I need an offline solution. So we need to come up with a different solution.
Sure, I could import them into our Elastic stack, but would that post then be titled "Dirty"? As of recently, I quite often receive Excel files with hundreds of IPs which need to be geolocated (Can you guess where they come from?).