You should also check Andrew Mohawk alternate DNS names from SSL certificates tool: https://andrewmohawk.com/SSLAssociated/
And down under IP neighbours category on http://stf.makensi.es/ you can find several already mentioned and maybe some other additional one. On Fri, Jan 11, 2013 at 2:24 AM, mitchell <[email protected]> wrote: > Here is a short script that I use: > > https://github.com/mukareste/utils/blob/master/pentest/findvhosts.py > > You will need an API key for the Bing Search API. > > I am not a developer, so don't laugh at the code :-). > > -- > # m. > > > On Fri, Jan 11, 2013 at 12:33 AM, allison nixon <[email protected]> wrote: > > this is also a handy tool but has a FP rate > > > > http://www.yougetsignal.com/tools/web-sites-on-web-server/ > > > > > > On Thu, Jan 10, 2013 at 3:17 PM, Rob Fuller <[email protected]> wrote: > >> > >> You can also do CIDR lookups on deepmagic: > >> > https://www.deepmagic.com/ptrs/ptrs?search=cidr%3A4.23.173.0%2F24&limit= > >> > >> > >> -- > >> Rob Fuller | Mubix > >> Certified Checkbox Unchecker > >> Room362.com | Hak5.org > >> > >> > >> On Thu, Jan 10, 2013 at 2:44 PM, TheTolik <[email protected]> wrote: > >>> > >>> Thank you Xavier. > >>> > >>> This is fantastic, exactly what I was looking for! I'm glad there is > this > >>> option and will certainly make use of it. But this also raises a > question -- > >>> Why isn't there some form of an RFC that natively presents URL's for > >>> standard web server applications.... I can see this being somewhat of a > >>> possible security consideration, but nonetheless.... > >>> > >>> Andy | Oxbeef > >>> > >>> > >>> > >>> ________________________________ > >>> From: Xavier Mertens <[email protected]> > >>> To: PaulDotCom Security Weekly Mailing List > >>> <[email protected]> > >>> Cc: TheTolik <[email protected]>; PaulDotCom Security Weekly Mailing > >>> List <[email protected]> > >>> Sent: Thursday, January 10, 2013 12:43 PM > >>> Subject: Re: [Pauldotcom] URL Enumeration for Web Server IP Address > >>> > >>> Use bing.com with a 'ip:x.x.x.x' query? > >>> Alternative: morningstarsecurity.com/research/bing-ip2hosts > >>> > >>> /x > >>> > >>> Sent from my iPad > >>> > >>> On 10 Jan 2013, at 18:55, anthony kasza <[email protected]> > wrote: > >>> > >>> If it's a public site you could use passive DNS data > >>> <http://www.bfk.de/bfk_dnslogger.html> > >>> You could also try robtex <http://ip.robtex.com/> > >>> > >>> -AK > >>> > >>> On Thu, Jan 10, 2013 at 11:29 AM, TheTolik <[email protected]> wrote: > >>> > >>> Gurus, > >>> > >>> > >>> I've run into an interesting challenge and cannot seem to figure out a > >>> > >>> solution. Does anyone know if it's possible to enumerate or query for a > >>> list > >>> > >>> of URL's hosted on a specific IP address? > >>> > >>> > >>> With dedicated web servers, hitting the IP address through http://would > >>> > >>> serve the page, but in case of shared web servers serving multiple > >>> > >>> sites/URL's, is there an effective way to find all URL's serviced? > >>> > >>> > >>> Any advice would be greatly appreciated. > >>> > >>> > >>> Andy | Oxbeef > >>> > >>> > >>> _______________________________________________ > >>> > >>> Pauldotcom mailing list > >>> > >>> [email protected] > >>> > >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>> > >>> Main Web Site: http://pauldotcom.com > >>> > >>> _______________________________________________ > >>> Pauldotcom mailing list > >>> [email protected] > >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>> Main Web Site: http://pauldotcom.com > >>> > >>> > >>> > >>> > >>> _______________________________________________ > >>> Pauldotcom mailing list > >>> [email protected] > >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>> Main Web Site: http://pauldotcom.com > >> > >> > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > > > > > > > > > > -- > > _________________________________ > > Note to self: Pillage BEFORE burning. > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
