
This question is not about the trivial usage of the forward/reverse DNS.

Getting the IP of a hostname is trivial (DNS), and using reverse DNS, we can also (typically) get a single hostname for an IP.

However, particularly for massive HTTP virtual hosting, there is a (sometimes quite long) list of hostnames that resolve to a given IP. This list is not returned by the reverse DNS records (although it would be possible, it is not the practice).

If a possible attacker has access to this list, he has much broader attack options, simply because he knows all the virtual hosts on which the target can be accessed.

This database could be collected by large-scale data collection and processing, ideally by using public search engines, or by developing a specified crawler for this task.

Does it exist already?

peterh

1 Answer


Yes, there are several services out there that provide (limited) information about domains shared on one or more IPs:

In case you want to collect data yourself, you could create an account on czds.icann.org and request access to specific zone files. Using those zone files, you could create your own database and/or service.

Jeroen
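The inverted index discussed above (IP address to the hostnames that resolve to it), as an added Python example that is not part of the original question or answer, nor code from any service mentioned. It builds the index from A/AAAA records in zone-file text so an operator can see which of their own virtual hosts share an address. Assumptions: one fully qualified record per line in RFC 1035 master-file style; the sample records and the function names `build_reverse_index` and `shared_hosts` are constructed for illustration.

```python
from collections import defaultdict
import ipaddress

# Constructed sample in RFC 1035 master-file style; addresses come from
# documentation ranges (RFC 5737 / RFC 3849), names are placeholders.
SAMPLE_ZONE = """\
; constructed sample, not real data
shop.example.    3600  IN  A     192.0.2.10
blog.example.    3600  in  a     192.0.2.10
WWW.example.     IN    3600 A    192.0.2.10
mail.example.    3600  IN  A     192.0.2.25
mail.example.    3600  IN  MX    10 mail.example.
v6.example.      3600  IN  AAAA  2001:DB8::1
example.         3600  IN  NS    ns1.example.
bad.example.     3600  IN  A     not-an-ip
"""

def build_reverse_index(zone_text):
    """Map each IP to the sorted hostnames that have an A/AAAA record for it."""
    index = defaultdict(set)
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 3:
            continue
        owner, rest = fields[0], fields[1:]
        # TTL and class are optional and may appear in either order.
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest = rest[1:]
        if len(rest) != 2 or rest[0].upper() not in ("A", "AAAA"):
            continue                             # NS, MX, etc. are not indexed
        try:
            ip = ipaddress.ip_address(rest[1])   # validates and normalizes
        except ValueError:
            continue                             # skip malformed rdata
        index[str(ip)].add(owner.rstrip(".").lower())
    return {ip: sorted(names) for ip, names in index.items()}

def shared_hosts(index, minimum=2):
    """IPs serving at least `minimum` hostnames: the virtual-host clusters."""
    return {ip: names for ip, names in index.items() if len(names) >= minimum}

if __name__ == "__main__":
    for ip, names in shared_hosts(build_reverse_index(SAMPLE_ZONE)).items():
        print(ip, names)
```
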