1

I want to get all the IPs belonging to a domain, e.g. google.com. I recently had a look at https://github.com/ip2location/ip2location-cakephp. So, what I am going to do is like this:

<?php
// clientIp() will iterate from 1.1.1.1 to 255.255.255.255
App::uses('IP2LocationCore', 'IP2Location.Model');
$IP2Location = new IP2LocationCore();
$record = $IP2Location->get($this->request->clientIp());

// strcmp() returns 0 when the two strings are equal
if (strcmp($record->domainName, 'google.com') === 0) {
    // log the IP to a text file
}
?>

My question is: is this solution feasible, and is there any way better than this?

Bùi Văn Thủ
  • It looks like the API has no such feature. You might want to use the CSV database directly and query from SQL for all IP addresses in one domain. – Michael C. Jan 15 '16 at 06:57

2 Answers

1

I'm not much of a PHP person, so consider that in my reply!

It seems that what ip2location does is take an IP address and give you its location. It does this (I imagine) by compiling information from assorted data sources.

However, you need to start with an IP address, and it will give you the reverse domain that is associated with that. This could well be different from the forward lookup address.

For instance I have a hostname vm.example.com that I use to point to a remote desktop session on Azure. If you did a reverse lookup on that address you would not get any information on my domain, you would get the Azure domain, because that's where the reverse is registered.

And as far as I'm aware, unless zone transfers are enabled, there is no way to get all of the hostnames in a domain. At least not without incrementing through the entire domain.

Is there a specific reason you want to do this?

Michael B
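The forward/reverse mismatch described in this answer, as an added example (not part of the original post or of ip2location): a forward-confirmed reverse DNS check that shows why a per-IP reverse sweep misses a host like vm.example.com, and why a PTR name alone does not prove an address belongs to a domain. The function names, the `cloud-provider.example` zone and all addresses (documentation ranges) are constructed for illustration; the lookups are passed in as callables so the sample runs offline.

```php
<?php
/** True if $host equals $domain or is a subdomain of it. */
function inDomain(string $host, string $domain): bool
{
    $host = strtolower(rtrim($host, '.'));
    $suffix = '.' . strtolower(rtrim($domain, '.'));
    return '.' . $host === $suffix || substr($host, -strlen($suffix)) === $suffix;
}

/**
 * Classify one IP against a domain.
 * $reverse: PTR lookup with gethostbyaddr() semantics (returns the IP itself when no PTR exists).
 * $forward: A lookup with gethostbynamel() semantics (returns an array of IPs, or false).
 */
function attributeIp(string $ip, string $domain, callable $reverse, callable $forward): string
{
    $ptr = $reverse($ip);
    if ($ptr === false || $ptr === $ip) {
        return 'no-ptr';
    }
    if (!inDomain($ptr, $domain)) {
        return 'ptr-other-domain';    // e.g. the hosting provider's reverse zone
    }
    // The PTR claims the domain: confirm the name resolves back to the same IP.
    $addrs = $forward($ptr);
    return ($addrs !== false && in_array($ip, $addrs, true)) ? 'confirmed' : 'ptr-unconfirmed';
}

// Constructed sample records (not real DNS data).
$ptrRecords = [
    '192.0.2.10'   => 'www.example.com',
    '198.51.100.7' => 'host-7.cloud-provider.example', // vm.example.com points here
    '203.0.113.5'  => 'mail.example.com',              // PTR set by whoever owns the IP
];
$aRecords = [
    'www.example.com'  => ['192.0.2.10'],
    'vm.example.com'   => ['198.51.100.7'],
    'mail.example.com' => ['203.0.113.99'],
];
$reverse = fn(string $ip) => $ptrRecords[$ip] ?? $ip;
$forward = fn(string $host) => $aRecords[$host] ?? false;

foreach (['192.0.2.10', '198.51.100.7', '203.0.113.5', '192.0.2.200'] as $ip) {
    printf("%-14s %s\n", $ip, attributeIp($ip, 'example.com', $reverse, $forward));
}
?>
```

Passing `'gethostbyaddr'` and `'gethostbynamel'` as the two callables runs the same classification against live DNS.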
-1

Try using the PHP function gethostbynamel.

<?php
$hosts = gethostbynamel('google.com');
print_r($hosts);
?>

This will for example return:

Array
(
    [0] => 173.194.113.35
    [1] => 173.194.113.41
    [2] => 173.194.113.46
    [3] => 173.194.113.34
    [4] => 173.194.113.40
    [5] => 173.194.113.39
    [6] => 173.194.113.33
    [7] => 173.194.113.37
    [8] => 173.194.113.32
    [9] => 173.194.113.38
    [10] => 173.194.113.36
)
DIDoS
  • The question is about all the IPs that belong to a *domain*, not a hostname, which is what gethostbyname will retrieve. – Michael B Jan 08 '16 at 10:22
  • The hostname is part of the domain name (hostname.domain.com). So just use my example above without www. I changed the example to use only a domain. – DIDoS Jan 08 '16 at 10:29
  • That will return the A record that is associated with the apex domain (the hostname at example.com), not the domain itself. – Michael B Jan 08 '16 at 10:32
  • So you want all IPs of all DNS entries related to google.com? – DIDoS Jan 08 '16 at 10:38
  • I don't! but it seems that is what the OP seeks – Michael B Jan 08 '16 at 10:39
  • @MichaelB the question was asked to the OP. If he wants this, I don't know any way to find all subdomains but bruteforcing, which might be considered a DoS. Then calling a DNS for each subdomain is also high traffic. – DIDoS Jan 08 '16 at 10:51
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/100137/discussion-between-didos-and-michael-b). – DIDoS Jan 08 '16 at 10:57
  • Hi, it's good to see @MichaelB understands my question well. I am doing a pentest for a bug bounty program, and the program allows me to pentest any IPs belonging to their organization. – Bùi Văn Thủ Jan 09 '16 at 11:24
  • Companies often give the target in the form e.g. *.google.com, though any IP belonging to them, even one not under a google subdomain, is also eligible. ip2location gives me information about the domain the IP belongs to, and this may not be accurate. – Bùi Văn Thủ Jan 09 '16 at 11:28
  • 1
    In that case you probably want to go with a subnet approach: find out all of the addresses you can find via DNS (www/ftp etc.), then see where their MX records point, and use the subnets around those as your starting point. – Michael B Jan 09 '16 at 11:49