Posts: 91 Threads: 28 Joined: Oct 2017 Reputation: 0 Likes received: 1

Hello all ... I have a list of IP ranges for websites on the server .... I try to get the domain name from the IP. I used the Python requests lib to get the HEAD and then grep the location ... it works in some cases but not all .. this is my code:
import requests
from colorama import Fore

x = "194.187.80.65"
url = "http://" + x
try:
    # HEAD request: only the response headers are needed
    r = requests.head(url, timeout=1)
    if r.status_code == 403:
        print("[~] 403 Forbidden -- ", url + "\n")
    elif r.status_code == 401:
        print("[~]401 Unauthorized -- Maybe it's a control panel protected by Firewall ( check it manually ) ! ", url + "\n")
    else:
        # Any other status: dump the response headers
        qan = f"\n[+]Testing : {url}\t (Y)\t OK\t\t : " + url + " [!]INFO : "
        dd = r.headers
        print(Fore.GREEN + qan + str(dd) + "\n")
except requests.exceptions.HTTPError as errh:
    print("Http Error:", errh)
except requests.exceptions.ConnectionError as errc:
    print(Fore.RED + f"[-]Testing : {url}\t (N) \t Error Connecting: " + url)
except requests.exceptions.Timeout as errt:
    print("Timeout Error:", errt)
except requests.exceptions.RequestException as err:
    print("OOps: Something Else", err)
Output: http://194.187.80.65 [!]INFO : {'Expires': '0', 'Cache-Control': 'no-cache', 'X-Powered-By': 'JSP/2.3, JSP/2.3', 'Set-Cookie': 'JSESSIONID=3GkFeBQdOxugDl9x5sWx5nZH6qbUSCX1MJqtLEZu.alumni; path=/', 'Pragma': 'no-cache', 'Date': 'Thu, 08 Aug 2019 19:05:04 GMT', 'Connection': 'keep-alive', 'Content-Type': 'text/html;charset=UTF-8', 'Content-Length': '57530'}
And I tried this code:
import socket
socket.gethostbyaddr("194.187.80.65")
Output: socket.gethostbyaddr("194.187.80.65")
socket.herror: [Errno 11004] host not found
How to do that!! I need it to return the domain name: alumni.qou.edu

Posts: 7,980 Threads: 293 Joined: Sep 2016 Reputation: 309 Likes received: 1088

Give it a valid IP Address
import socket
print(socket.gethostbyname('cleopatra.io'))
print(socket.gethostbyaddr('63.245.208.212'))
Output:
63.245.208.212
('cleopatra.io', [], ['63.245.208.212'])
Posts: 1,112 Threads: 5 Joined: May 2017 Reputation: 109 Likes received: 245
Aug-09-2019, 12:22 AM (This post was last modified: Aug-09-2019, 12:22 AM by DeaD_EyE. Edited 2 times in total.)

On one IP address many different VHosts can run. If you have luck, you're redirected to a default page or an admin panel. Most webservers are hosting more than one domain on one IP. Here, look at some example configurations of Nginx: https://www.nginx.com/resources/wiki/sta...er_blocks/

How would you find out any of the hosted pages on an IP address, when many different domains can be the answer? It's like a guessing game. At the moment I don't have any idea how to get all hosted VHosts if you know only the IP. Only a bad security flaw can let you find out the configuration of a webserver.

One problem with domains was SSL. If I remember right, there was one place on the internet where you can see registrations of SSL certificates. In some cases you observe this and then you know the whole infrastructure of a company domain, for example.

My code examples are always for Python >=3.6.0
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!

Posts: 73 Threads: 5 Joined: Jul 2019 Reputation: 7 Likes received: 1

(Aug-08-2019, 06:51 PM)evilcode1 Wrote: Hello all ... I have a list of IP ranges for websites on the server .... I try to get the domain name from the IP. I used the Python requests lib to get the HEAD and then grep the location ... it works in some cases but not all .. this is my code:
import requests
from colorama import Fore

x = "194.187.80.65"
url = "http://" + x
try:
    # HEAD request: only the response headers are needed
    r = requests.head(url, timeout=1)
    if r.status_code == 403:
        print("[~] 403 Forbidden -- ", url + "\n")
    elif r.status_code == 401:
        print("[~]401 Unauthorized -- Maybe it's a control panel protected by Firewall ( check it manually ) ! ", url + "\n")
    else:
        # Any other status: dump the response headers
        qan = f"\n[+]Testing : {url}\t (Y)\t OK\t\t : " + url + " [!]INFO : "
        dd = r.headers
        print(Fore.GREEN + qan + str(dd) + "\n")
except requests.exceptions.HTTPError as errh:
    print("Http Error:", errh)
except requests.exceptions.ConnectionError as errc:
    print(Fore.RED + f"[-]Testing : {url}\t (N) \t Error Connecting: " + url)
except requests.exceptions.Timeout as errt:
    print("Timeout Error:", errt)
except requests.exceptions.RequestException as err:
    print("OOps: Something Else", err)
Output: http://194.187.80.65 [!]INFO : {'Expires': '0', 'Cache-Control': 'no-cache', 'X-Powered-By': 'JSP/2.3, JSP/2.3', 'Set-Cookie': 'JSESSIONID=3GkFeBQdOxugDl9x5sWx5nZH6qbUSCX1MJqtLEZu.alumni; path=/', 'Pragma': 'no-cache', 'Date': 'Thu, 08 Aug 2019 19:05:04 GMT', 'Connection': 'keep-alive', 'Content-Type': 'text/html;charset=UTF-8', 'Content-Length': '57530'}
And I tried this code:
import socket
socket.gethostbyaddr("194.187.80.65")
Output: socket.gethostbyaddr("194.187.80.65")
socket.herror: [Errno 11004] host not found
How to do that!! I need it to return the domain name: alumni.qou.edu

I thought of exploring the gethostbyaddr definition in socket.py, but it is importing another _socket. Where can we view _socket?

(Aug-08-2019, 08:57 PM)Larz60+ Wrote: Give it a valid IP Address
import socket
print(socket.gethostbyname('cleopatra.io'))
print(socket.gethostbyaddr('63.245.208.212'))
Output:
63.245.208.212
('cleopatra.io', [], ['63.245.208.212'])

I thought of exploring the gethostbyaddr function definition, but couldn't locate it under socket.py, where it is actually importing another _socket. Where can we see the source code for _socket.py?

Posts: 2,034 Threads: 18 Joined: Jan 2018 Reputation: 183 Likes received: 488
Aug-09-2019, 06:58 AM (This post was last modified: Aug-09-2019, 06:58 AM by Gribouillis. Edited 2 times in total.)

Malt Wrote: Where we can see the source code for _socket.py

The _socket module is written in C. See Modules/socketmodule.c in the CPython source tree. As far as I know, the socket module is merely a Python wrapper around the C socket API.

Posts: 91 Threads: 28 Joined: Oct 2017 Reputation: 0 Likes received: 1

(Aug-08-2019, 08:57 PM)Larz60+ Wrote: Give it a valid IP Address
import socket
print(socket.gethostbyname('cleopatra.io'))
print(socket.gethostbyaddr('63.245.208.212'))
Output:
63.245.208.212
('cleopatra.io', [], ['63.245.208.212'])
It's valid, you can check it by visiting it in your browser .. but it's still not working with print(socket.gethostbyaddr('63.245.208.212')) !! Any idea?? Or any other way to do that?

Posts: 1,112 Threads: 5 Joined: May 2017 Reputation: 109 Likes received: 245
>>> print(socket.gethostbyaddr('63.245.208.212'))
('redirects.public.mdc1.mozilla.com', ['cleopatra.io'], ['63.245.208.212'])
>>>
I guess you changed the PTR. Changing NS records takes time until they are updated everywhere (nameserver/resolver). To check the answer, you could do the following on Linux:
andre@DESKTOP-F29NT09:~$ dig @1.1.1.1 63.245.208.212.in-addr.arpa ptr
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> @1.1.1.1 63.245.208.212.in-addr.arpa ptr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15931
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;63.245.208.212.in-addr.arpa. IN PTR
;; ANSWER SECTION:
63.245.208.212.in-addr.arpa. 86400 IN PTR coquide-cambrai-gw.gw1.lil1.fr.uu.net.
;; Query time: 35 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Aug 09 12:57:47 CEST 2019
;; MSG SIZE rcvd: 107
In this case the amazon-nameserver is used to query the PTR record. The format is ip-address.in-addr.arpa. This will resolve the PTR record into a domain name.
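
Added example (not code from any poster in this thread): a PTR query name carries the address octets in reverse order, so 63.245.208.212 is looked up as 212.208.245.63.in-addr.arpa, and an address with no PTR record makes socket.gethostbyaddr raise socket.herror as in the first post. The helper names and the sample certificate and headers are constructed for illustration; the sketch also collects host names from a TLS certificate dict (the shape ssl's getpeercert() returns) and from Location and Set-Cookie headers, the other sources raised in the thread for an address you are inventorying.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def ptr_name(ip):
    """DNS name queried for a PTR record: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def reverse_lookup(ip):
    """PTR lookup via the system resolver; None when the address has no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return None  # e.g. "[Errno 11004] host not found"
    return [name, *aliases]

def names_from_cert(cert):
    """DNS entries of subjectAltName in an SSLSocket.getpeercert() dict."""
    sans = cert.get("subjectAltName", ())
    return sorted({value for kind, value in sans if kind == "DNS"})

def names_from_headers(headers):
    """Host names a response discloses: Location target and cookie Domain=."""
    names = set()
    host = urlsplit(headers.get("Location", "")).hostname
    if host:
        names.add(host)
    for part in headers.get("Set-Cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key.lower() == "domain" and value:
            names.add(value.lstrip(".").lower())
    return sorted(names)

# Constructed sample data (not taken from a real server)
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "example.org"),
                       ("IP Address", "192.0.2.10")),
}
SAMPLE_HEADERS = {
    "Location": "https://portal.example.org/login",
    "Set-Cookie": "sid=abc123; Domain=.example.org; Path=/",
}

if __name__ == "__main__":
    print(ptr_name("63.245.208.212"))        # name a PTR query must use
    print(names_from_cert(SAMPLE_CERT))
    print(names_from_headers(SAMPLE_HEADERS))
```

reverse_lookup() is the only function that touches the network; a None result means the address owner published no PTR record, which is common for shared virtual hosts.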