-3

I am looking for away on the linux command line to list all the websites associated with 1 IP. I know web hosting companies can have hundreds of websites on a single IP and I am looking at how I can query that list. I know some website can provide this information but I don't think the list is always complete.

I have tried dig, and whois and a few other commands but none seem to give me more than a single dns lookup.

Any ideas? All the articles I can find talk about finding the single ip for a website. I know how to do that.

JAYCO Cloud
  • 1
  • 3
  • I wouldn't expect this to be possible or in any way reliable. What if there are multiple "websites" in a single directory structure, how would any automated tool know that they're separate? What about web servers running on different ports? Or a separate web service that only serves JSON data, is that a "website"? There are too many possible arrangements to make something like this possible. Taking a step back... Why do you need this? What's the goal? – David Jul 13 '21 at 16:31
  • I don't really need anything more than hostnames for the ip. My purpose is that I talk to companies all the time and they tell me they are using hosting companies. I ask them if they are aware how many other websites share the same IP and usually they do not. So it is more for marketing and curiosity on my part. – JAYCO Cloud Jul 14 '21 at 00:11
  • 1
    "if they are aware how many other websites share the same IP and usually they do not."But how useful is it? Do you in a way attach a negative feeling if one name is shared on a given IP with others? Why? It is mostly irrelevant today with load balancers and CDNs anyway. You can see multiple names resolving to a single IP but then everything can be behind a load balancer and then internally names mapped to various servers.So not very clear what consequences do you seem to draw by the fact multiple names share a given IP address. Do you have the same concerns with clouds and sharing hypervisors? – Patrick Mevzek Jul 14 '21 at 02:46
  • I am not really looking to debate this. I thought it was a simple question. No I don't have a problem with clouds. I have a problem with webhostings companies that offer little to know protection from nefarious websites. I would rather my clients have their own cloud server that they can control or secure then leave it up to godaddy or any of the other web hosting companies out there. Thank you for your input. – JAYCO Cloud Jul 14 '21 at 14:58
  • "I have a problem with webhostings companies that offer little to know protection from nefarious websites." I think the problem is far bigger than "sharing an IP address". You can certainly "rent" IP addresses (that is make your webhoster do it for your server/website), but for a cost. You may be aware there is a shortage of IPv4 addresses.However, again, even your separate IP addresses can go to a load balancer, and behind everything can be shared for example. So maybe it is a simple question for you, but if you take a step back, the problem is bigger and you seem to have some preconceptions – Patrick Mevzek Jul 14 '21 at 15:07
  • Besides the fact that at this stage your question is probably offtopic here as not very programming related at its current stage. – Patrick Mevzek Jul 14 '21 at 15:08

1 Answers1

0

I am looking for away on the linux command line to list all the websites associated with 1 IP

There is no such command. And you may want to start your question in fact by specifying WHY you need that information from the first place.

I know some website can provide this information but I don't think the list is always complete.

It is never complete because it can't be. How everyone is doing it is basically starting with a list of names, resolving them, hence getting IP addresses, and storing the results. Once you did that with enough names, you can now do inverse searches because you stored all the data. If you are at appropriate places on the Internet, you can also passively monitor recursive DNS data, showing what people are searching for - in terms of names resolution - and hence capture replies which will have the name to IP mapping, which you can then trivially reverse.

Obviously you will never get all the data that way, and name/IP association can change in both time and space (depending from where you ask, because of geolocation, etc.), so the results are far from exhaustive and precise.

I have tried dig, and whois and a few other commands but none seem to give me more than a single dns lookup.

As they are designed to do... (except that whois does not do DNS queries by the way).

Some people will tell you about DNS PTR records that supposedly maps IP addresses back to names, but:

  • they are not needed for day to day operations (they are vaguely needed for email operations, absolutely not for web operations)
  • hence very little IP addresses have those records
  • and even if a webhosting company uses them, for an IP address hosting hundreds of names (as mass virtual hosting is possible nowadays for both HTTP and HTTPS), the PTR record will probably just show one name, not all of them (few clients would cope with PTR records with multiple names anyway)
Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54