Reverse IP lookup with PHP

5

7

In PHP is there a function to do a reverse lookup on a domain name to find out how many websites are hosted on the particular shared hosting server that domain name is hosted on. Or, a way to do this with PHP?

Now, I'm already aware of the online services that offer this. However, I want to write a script to do it myself. I just can't figure it out.

Any suggestions that are not suggesting the use of a 3rd party service would be great.

Apparel answered 5/8, 2010 at 1:43 Comment(2)
Previously this was possible with AXFR. But nowadays it's restricted between each domain's authoritative and secondary nameserver. It's likewise seldom possible to sneak out configured domains using Apache status pages / log access. So, no luck unless you build up a huge ip->domain database yourself. - Multidisciplinary
A single shared hosting server may have different IP addresses for each virtual host, so I'm not sure how reliable and useful the report you're going to get would be. - Libnah
H
3

There is no sure-fire way to do what you are asking.

In DNS, a site's IP address, such as "1.5.7.9", has associated with it a domain name like "9.7.5.1.in-addr.arpa". This reverse name may have PTR records pointing to the domain name. So, "example.com" may map to "1.5.7.9" with an A record, and "9.7.5.1.in-addr.arpa" may point back to "example.com".

An IP address may have more than one PTR record. But, generally, they do not. So the only way to know all the domain names that share one IP is to either search and remember all domain names (not feasible), or to get the information from some other source.

Furthermore, a given computer may have many IPs assigned to it. There's no way to know how many.

Hindermost answered 5/8, 2010 at 3:51 Comment(0)
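The PTR mechanism this answer describes, as an added example that is not part of the original answer: it builds the in-addr.arpa name, reads every PTR record, and checks whether each PTR target resolves back to the same IP. The `$resolver` parameter and the sample zone are assumptions made so the code runs offline; without them it calls PHP's `dns_get_record()`.

```php
<?php
// Added example: reverse (PTR) lookup with forward confirmation.
// $resolver is a hypothetical injection point; the default is dns_get_record().

/** Build the in-addr.arpa name for an IPv4 address. */
function reverseName(string $ip): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException("not an IPv4 address: $ip");
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.in-addr.arpa';
}

/**
 * Return every PTR target for $ip as host => bool, where the bool says
 * whether the host's A records point back at $ip (forward-confirmed).
 */
function ptrNames(string $ip, ?callable $resolver = null): array
{
    // dns_get_record() returns false on failure; normalise that to an empty list.
    $resolver = $resolver ?? fn(string $name, int $type) => @dns_get_record($name, $type) ?: [];
    $out = [];
    foreach ($resolver(reverseName($ip), DNS_PTR) as $ptr) {
        $host = strtolower(rtrim($ptr['target'], '.'));
        $addrs = array_column($resolver($host, DNS_A), 'ip');
        $out[$host] = in_array($ip, $addrs, true);
    }
    return $out;
}

// Constructed sample zone, using the addresses from the answer above.
$zone = [
    '9.7.5.1.in-addr.arpa' => [DNS_PTR => [['target' => 'example.com']]],
    'example.com'          => [DNS_A   => [['ip' => '1.5.7.9']]],
    // Hosted on the same IP but has no PTR, so a reverse lookup cannot see it.
    'shop.example.net'     => [DNS_A   => [['ip' => '1.5.7.9']]],
];
$fake = fn(string $name, int $type) => $zone[$name][$type] ?? [];

var_dump(ptrNames('1.5.7.9', $fake));
// var_dump(ptrNames('1.5.7.9'));   // live lookup through the system resolver
```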
A
19

In PHP just use

$domain = gethostbyaddr($ip);

Good luck!

Auscultation answered 19/3, 2014 at 9:53 Comment(3)
Nice... this should be the answer. - Fylfot
@Fylfot This does not actually do what the OP requested, so no, it should not be the answer. - Costumier
@Costumier You are right, I got it backwards... but this function did resolve my issue... - Fylfot
P
5

It is doable... A sample program I know of that does it, written in Python, is darkjumper.

I don't know how it works, but it just works. You can read the source code in Python and rewrite the software in PHP.

You can try executing the reverse IP feature of this software by using the -m reverseonly option:

./darkjumper.py -t stackoverflow.com -m reverseonly

returning results:

[+] Target set : stackoverflow.com
[+] Use proxy  : None
[+] Verbocity  : False
[+] Trying reverse your target's ip...
[+] Please wait...
-----------------------------------------
http://stackoverflow.com
http://gadgets.stackexchange.com
http://webmasters.stackexchange.com
http://stats.stackexchange.com
http://gaming.stackexchange.com
http://gamedev.stackexchange.com
http://photo.stackexchange.com
http://cooking.stackexchange.com
http://chat.meta.stackoverflow.com
http://stackoverflow.com
http://stackoverflow.com

----------------------------------------
[+] Found : 12  Domains hosted at this IP
----------------------------------------
Polychaete answered 5/8, 2010 at 3:17 Comment(3)
Doesn't always work. Pretty sophisticated guesswork, though :-). - Hindermost
@Borealid: From what I've understood it simply tries to follow the first 50 links in the domain and match them with the IP address? That doesn't seem that much "sophisticated". - Melanous
@Alix Axel: Like I said, sophisticated guesswork. It's smarter than just reading the PTR record, but with virtual servers for unrelated domains, it wouldn't get one from another. - Hindermost
M
2

Maybe I'm wrong but I think (the / one) way to do it is to query each domain name individually and store the corresponding IP address.

When someone queries any given domain / IP address you just have to show all the other domains that share the same IP; if you don't have the domain listed yet, you just have to resolve the IP and store it.

It would also be pretty easy (and relatively quick) to solve the problem @sarnold mentioned, by simply updating all the domains that are in the same IP address of the domain being queried - or just the domain itself, maybe with a limit of 1 update per day or something like that.

Melanous answered 5/8, 2010 at 2:4 Comment(0)
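One way to build the index this answer describes, as an added example that is not part of the original answer: each domain is resolved and stored, a query lists the other stored domains on the same IP, and no domain is re-resolved more than once per day. `SharedIpIndex`, the `$resolve` callback and the sample data are hypothetical; the default resolver is PHP's `gethostbynamel()`.

```php
<?php
// Added example: self-built IP -> domain index (class and sample data are hypothetical).
final class SharedIpIndex
{
    private array $seen = [];   // domain => ['ips' => string[], 'checked' => int]
    private $resolve;           // callable(string $domain): string[]
    private int $ttl;           // minimum seconds between two lookups of one domain
    public function __construct(?callable $resolve = null, int $ttl = 86400)
    {
        // gethostbynamel() returns false when the name does not resolve.
        $this->resolve = $resolve ?? fn(string $d) => gethostbynamel($d) ?: [];
        $this->ttl = $ttl;
    }
    /** Resolve and store $domain, unless it was already checked within the TTL. */
    public function record(string $domain, int $now): void
    {
        $last = $this->seen[$domain]['checked'] ?? null;
        if ($last !== null && $now - $last < $this->ttl) {
            return;
        }
        $this->seen[$domain] = ['ips' => ($this->resolve)($domain), 'checked' => $now];
    }
    /** Known domains that share an IP with $domain, re-checking stale entries first. */
    public function neighbours(string $domain, int $now): array
    {
        $this->record($domain, $now);
        $shares = fn(string $o) => (bool) array_intersect($this->seen[$domain]['ips'], $this->seen[$o]['ips']);
        $out = [];
        foreach (array_keys($this->seen) as $other) {
            if ($other === $domain || !$shares($other)) {
                continue;
            }
            $this->record($other, $now);   // re-resolve a candidate, at most once per TTL
            if ($shares($other)) {
                $out[] = $other;
            }
        }
        return $out;
    }
}

// Constructed sample data (documentation addresses), so the example runs offline.
$dns = ['a.example' => ['192.0.2.10'], 'b.example' => ['192.0.2.10'], 'c.example' => ['192.0.2.77']];
$index = new SharedIpIndex(function (string $d) use (&$dns) { return $dns[$d] ?? []; });
foreach (array_keys($dns) as $d) { $index->record($d, 0); }
$dns['b.example'] = ['192.0.2.99'];              // b.example moves to another host
print_r($index->neighbours('a.example', 3600));  // inside the TTL: the stored entry for b is used
print_r($index->neighbours('a.example', 90000)); // past the TTL: b is re-resolved first
```

The index only knows domains that were fed into it, so its answer is a lower bound on what an IP hosts, and entries can be stale for up to one TTL.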
R
0

I'm curious how anyone would know: hosted web sites can come and go on IPs quite quickly. It is easy to add a few thousand domains this minute and remove them all again next minute.

Have you seen http://pink.bikeshed.com? Or http://red.bikeshed.com? Or http://white.bikeshed.com? It'd be super-easy to extend it to all 754 entries in my X11 rgb.txt file, though it doesn't appear that they have done so. It'd be a wee bit more work to support on-the-fly user creation of 'new websites' there...

Return answered 5/8, 2010 at 1:50 Comment(0)
