
In PHP, is there a function to do a reverse lookup on a domain name to find out how many websites are hosted on the particular shared hosting server that the domain name is hosted on? Or a way to do this with PHP?

Now, I'm already aware of the online services that offer this. However, I want to write a script to do it myself. I just can't figure it out.

Any suggestions that are not suggesting the use of a 3rd party service would be great.

A: 

I'm curious how anyone would know: hosted web sites can come and go on IPs quite quickly. It is easy to add a few thousand domains this minute and remove them all again next minute.

Have you seen http://pink.bikeshed.com? Or http://red.bikeshed.com? Or http://white.bikeshed.com? It'd be super-easy to extend it to all 754 entries in my X11 rgb.txt file, though it doesn't appear that they have done so. It'd be a wee bit more work to support on-the-fly user creation of 'new websites' there...

sarnold
+1  A: 

Maybe I'm wrong but I think (the / one) way to do it is to query each domain name individually and store the corresponding IP address.

When someone queries any given domain / IP address you just have to show all the other domains that share the same IP, if you don't have the domain listed yet you just have to resolve the IP and store it.

It would also be pretty easy (and relatively quick) to solve the problem @sarnold mentioned, by simply updating all the domains that are in the same IP address of the domain being queried - or just the domain itself, maybe with a limit of 1 update per day or something like that.

Alix Axel
+2  A: 

It is doable... a sample program that I know of that does it, written in Python, is darkjumper.

I don't know how it works, but it just works. You can read the source code in Python and rewrite the software in PHP.

You can try executing the reverse IP feature of this software by using the -m reverseonly option:

./darkjumper.py -t stackoverflow.com -m reverseonly

returning results:

[+] Target set : stackoverflow.com
[+] Use proxy  : None
[+] Verbocity  : False
[+] Trying reverse your target's ip...
[+] Please wait...
-----------------------------------------
http://stackoverflow.com
http://gadgets.stackexchange.com
http://webmasters.stackexchange.com
http://stats.stackexchange.com
http://gaming.stackexchange.com
http://gamedev.stackexchange.com
http://photo.stackexchange.com
http://cooking.stackexchange.com
http://chat.meta.stackoverflow.com
http://stackoverflow.com
http://stackoverflow.com

----------------------------------------
[+] Found : 12  Domains hosted at this IP
----------------------------------------
technomage
Doesn't always work. Pretty sophisticated guesswork, though :-).
Borealid
@Borealid: From what I've understood it simply tries to follow the first 50 links in the domain and match them with the IP address? That doesn't seem that much "sophisticated".
Alix Axel
@Alix Axel: Like I said, sophisticated guesswork. It's smarter than just reading the PTR record, but with virtual servers for unrelated domains, it wouldn't get one from another.
Borealid
+1  A: 

There is no sure-fire way to do what you are asking.

In DNS, a site's IP address, such as "1.5.7.9", has associated with it a domain name like "9.7.5.1.in-addr.arpa". This reverse name may have PTR records pointing to the domain name. So, "example.com" may map to "1.5.7.9" with an A record, and "9.7.5.1.in-addr.arpa" may point back to "example.com".

An IP address may have more than one PTR record. But, generally, they do not. So the only way to know all the domain names that share one IP is to either search and remember all domain names (not feasible), or to get the information from some other source.

Furthermore, a given computer may have many IPs assigned to it. There's no way to know how many.

Borealid
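
An added example in PHP 8 (not code from any of the answers above), combining the self-built index from Alix Axel's answer, including its once-a-day refresh limit, with the in-addr.arpa naming from Borealid's answer. The names reverseName and SharedIpIndex, the injected resolver and the sample zone are assumptions made for illustration; the sample data is constructed so the script runs without network access.

```php
<?php
/** 1.5.7.9 -> 9.7.5.1.in-addr.arpa, the name that PTR records hang off. */
function reverseName(string $ip): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException("not an IPv4 address: $ip");
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.in-addr.arpa';
}

final class SharedIpIndex
{
    private array $seen = [];   // domain => ['ips' => string[], 'at' => unix time]
    private $resolve;           // callable(string): string[]
    public function __construct(?callable $resolve = null, private int $maxAge = 86400)
    {
        // Default resolver: A records via gethostbynamel(); needs network access.
        $this->resolve = $resolve ?? static fn(string $d): array => gethostbynamel($d) ?: [];
    }

    /** Resolve $domain, but at most once per $maxAge seconds (one day by default). */
    public function record(string $domain, ?int $now = null): array
    {
        $now ??= time();
        $domain = strtolower(rtrim($domain, '.'));
        $old = $this->seen[$domain] ?? null;
        if ($old === null || $now - $old['at'] >= $this->maxAge) {
            $this->seen[$domain] = ['ips' => ($this->resolve)($domain), 'at' => $now];
        }
        return $this->seen[$domain]['ips'];
    }

    /** Indexed domains sharing an address with $domain; stale entries are refreshed. */
    public function neighbours(string $domain, ?int $now = null): array
    {
        $self = strtolower(rtrim($domain, '.'));
        $ips = $this->record($self, $now);
        $others = array_diff(array_keys($this->seen), [$self]);
        return array_values(array_filter($others,
            fn(string $d): bool => (bool) array_intersect($ips, $this->record($d, $now))));
    }
}

// Constructed sample data (documentation-range addresses) so this runs offline.
$zone = ['a.example' => ['192.0.2.10'], 'b.example' => ['192.0.2.10'], 'c.example' => ['198.51.100.7']];
$index = new SharedIpIndex(fn(string $d): array => $zone[$d] ?? []);
foreach (array_keys($zone) as $d) { $index->record($d, 1000); }
print_r($index->neighbours('a.example', 1000));
echo reverseName('192.0.2.10'), "\n";
```

With network access, dns_get_record(reverseName($ip), DNS_PTR) returns whatever PTR records exist for an address. The index can only report domains that have already been recorded in it, which is the limitation the answers describe.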