bing-ip2hosts v0.2 released - Enumerate hostnames from Bing

Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature is can be used with the IP: parameter in the search query as shown in the image above.

Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to discover a larger potential attack surface.

Bing-ip2hosts is written in the Bash scripting language for Linux. This uses the mobile interface and no API key is required.

JPEG - 6 kb

Version 0.2

  • You can enter a hostname not just an IP, eg. bing-ip2hosts foo.com
  • Uses /tmp instead of the current path for creating temporary files
  • Optional CSV output. Outputs the IP and hostname on each line, separated by a comma.
  • Optionally prefix hostnames with http:// so they can be right-clicked in the shell

Usage

Usage: ./bing-ip2hosts [OPTIONS] <IP|hostname>

OPTIONS are:
-n         Turn off the progress indicator animation
-t <DIR> Use this directory instead of /tmp. The directory must exist.
-i         Optional CSV output. Outputs the IP and hostname on each line, separated by a comma.
-p         Optional http:// prefix output. Useful for right-clicking in the shell.

More information: here

Thanks to our friend, Andrew Horton (aka urbanadventurer), from MorningStar Security.