Reverse IP Lookup

Reverse IP lookup involves querying an IP address to identify domains hosted on the same IP address.

There are numerous online tools available providing the ability to perform a reverse IP lookup, such as:

Alternatively, we can use curl with RapidDNS.io to extract domain information for a specific IP range:

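# Keep the line before each link row, then trim its first 4 and last 5 characters (the enclosing tag pair)
curl -s 'https://rapiddns.io/sameip/<CIDR>#result' \
    | grep 'target="' -B1 | grep -Ev '(--| )' \
    | rev | cut -c 6- | rev | cut -c 5- | sort -u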

BGP + RapidDNS to check domains associated with an organization's IP blocks

#!/bin/bash
# Usage: $0 <organization>
# Requires: curl, jq, anew

organization="$1"
if [ -z "$organization" ]; then
    echo "Usage: $0 <organization>" >&2
    exit 1
fi

# Look up the organization's IPv4 prefixes (query term is URL-encoded by curl)
curl -s -G "https://api.bgpview.io/search" --data-urlencode "query_term=${organization}" \
    | jq -r '.data.ipv4_prefixes[].prefix' | anew -q ip-blocks.txt

lines_ip=$(wc -l < ip-blocks.txt)
echo "[+] IP Blocks detected: $lines_ip"

# Query RapidDNS for each prefix and append only new domains to the output file
while IFS= read -r line; do
        curl -s "https://rapiddns.io/sameip/${line}#result" \
                | grep 'target="' -B1 | grep -Ev '(--| )' \
                | rev | cut -c 6- | rev | cut -c 5- | sort -u | anew -q domains_reverseIPlookup.txt
done < ip-blocks.txt

lines_reverse=$(wc -l < domains_reverseIPlookup.txt)
echo "[+] Domains detected: $lines_reverse"
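
From the defender's side, the output file can be compared with an asset inventory to find hostnames on your own IP blocks that nobody is tracking. The script below is an added example, not part of the original page: `inventory.txt`, `normalize` and `unknown_domains` are hypothetical names, the sample data is constructed, and inventory entries are assumed to be apex domains that cover their subdomains.

```bash
#!/bin/bash
# Added example: list reverse-IP results that the asset inventory does not cover.

# Normalize hostnames: drop whitespace/CR, lowercase, strip the trailing dot, dedupe.
normalize() {
    tr '[:upper:]' '[:lower:]' \
        | sed -e 's/[[:space:]]//g' -e 's/\.$//' -e '/^$/d' \
        | sort -u
}

# unknown_domains <found-file> <inventory-file>
# Prints each found hostname that is neither an inventory entry nor a subdomain
# of one. Matching walks up label by label, so "notexample.com" is NOT covered
# by "example.com".
unknown_domains() (
    found="$1"; inventory="$2"
    inv_tmp=$(mktemp) || exit 1
    normalize < "$inventory" > "$inv_tmp"
    normalize < "$found" | awk -v inv="$inv_tmp" '
        BEGIN { while ((getline line < inv) > 0) known[line] = 1 }
        {
            host = $0
            while (host != "") {
                if (host in known) next          # covered by the inventory
                dot = index(host, ".")
                host = dot ? substr(host, dot + 1) : ""
            }
            print                                # no inventory entry matched
        }'
    rc=$?
    rm -f "$inv_tmp"
    exit "$rc"
)

if [ "$#" -eq 2 ]; then
    unknown_domains "$1" "$2"
else
    # Constructed sample data (not real lookup results).
    demo=$(mktemp -d)
    printf '%s\n' 'Shop.Example.com' 'example.com.' 'legacy-app.example.net' \
        'notexample.com' > "$demo/domains_reverseIPlookup.txt"
    printf '%s\n' 'example.com' > "$demo/inventory.txt"   # hypothetical inventory file
    unknown_domains "$demo/domains_reverseIPlookup.txt" "$demo/inventory.txt"
    rm -rf "$demo"
fi
```

Run it with two arguments, the reverse-lookup output and the inventory file, to check real data; with no arguments it runs on the constructed sample.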
