When I try to find websites hosted on a specific IP using one of the online Reverse IP Lookup tools, I only get one website, but when I use sub-domain enumeration, I find several websites on the same IP. Why does this happen? And how can I find all the websites on a particular IP?
2
-
Does this answer your question? How do I find all domains hosted on a single host?, Finding web application on webserver having only IP – Steffen Ullrich Aug 29 '20 at 10:46
-
Or, https://superuser.com/questions/1543395/check-how-many-domains-are-hosted-on-a-linux-server-server-side – mti2935 Aug 29 '20 at 13:16
1 Answer
0
Reverse IP Lookup usually returns the domains under the primary Top Level Domains hosted on a given IP address (since that is what is usually placed in the PTR record), not a complete list of websites hosted at the IP. This typically does not include sub-domains since the subdomains are not directly under the primary top level domains.
And how can I find all the websites on a particular IP?
If you want to enumerate all websites including sub-domains, you can try using a reverse IP lookup to find the domains hosted on that IP and then enumerate sub-domains for all of them.
nobody
-
Is there a command line in Windows for reverse IP lookup? Example @nobody – alex Aug 29 '20 at 11:32
-
@alex https://serverfault.com/questions/41064/whats-the-command-line-utility-in-windows-to-do-a-reverse-dns-look-up – nobody Aug 29 '20 at 11:42
-
I still get the same problem. When I use nslookup, I get only one website hosted on the IP, but when I use this service https://pentest-tools.com/information-gathering/find-subdomains-of-domain I get many websites hosted on the same IP – alex Aug 29 '20 at 11:51
-
@alex That site does sub-domain enumeration. Reverse IP lookup and subdomain enumeration are separate things. Reverse IP uses DNS PTR records, while subdomain enumeration uses many different techniques – nobody Aug 29 '20 at 11:57
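The difference described in the answer and its last comment, as an added example that is not part of the original thread: a PTR lookup reads one record in the reverse zone, while many forward A records can point at the same address, so the names have to be found on the forward side and then confirmed against the IP. The zone data, the label list and all function names are constructed for illustration, and a label list is only one of the many enumeration techniques the comment mentions.

```python
import ipaddress

# Constructed forward zone: three names share one address (documentation range).
A_RECORDS = {
    "example.com": "203.0.113.10",
    "www.example.com": "203.0.113.10",
    "shop.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.25",
}
# Constructed reverse zone: the operator published a single PTR for that address.
PTR_RECORDS = {"10.113.0.203.in-addr.arpa": "example.com"}


def ptr_name(ip):
    """Name queried by a reverse lookup, e.g. 10.113.0.203.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_lookup(ip, ptr=PTR_RECORDS):
    """What nslookup <ip> sees: only the PTR record, never the A records."""
    name = ptr.get(ptr_name(ip))
    return [name] if name else []


def hosts_on_ip(ip, candidates, resolve=A_RECORDS.get):
    """Forward-resolve each candidate and keep the names that map to ip."""
    return sorted(n for n in candidates if resolve(n) == ip)


def enumerate_sites(ip, labels, resolve=A_RECORDS.get):
    """Answer's procedure: PTR names first, then sub-domains of each of them."""
    bases = reverse_lookup(ip)
    candidates = set(bases)
    for base in bases:
        candidates.update(f"{label}.{base}" for label in labels)
    # Forward confirmation drops guesses that do not exist or live elsewhere.
    return hosts_on_ip(ip, candidates, resolve)


if __name__ == "__main__":
    ip = "203.0.113.10"
    print("PTR only:       ", reverse_lookup(ip))
    print("PTR + subdomain:", enumerate_sites(ip, ["www", "shop", "mail", "dev"]))
```

The result is still bounded by the candidate list: a name that shares the IP but is neither in the PTR record nor among the guessed labels stays invisible, which is why no lookup from the outside can promise a complete list.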