Enumerating URLs from IP Addresses Using Bing's Search API - Pentest Geek

Enumerating URLs from IP Addresses Using Bing’s Search API

Author: Royce Davis Posted In Information Gathering On: 2012/02/14 No comments
Enumerating URLs from IP Addresses Using Bing's Search API

Hey guys, just a quick post here. I wanted to share with you a simple ruby script I wrote that identifies web server URLs (if any) from a specified list of IP Addresses. I wrote this script for a recent Information Security Assessment where my client was unaware of all the URLs that were pointing to their external infrastructure (It happens more then you would think…) and provided me with only a list of IPs.

The script uses Bing’s Search API as well as the rbing ruby gem which has some prety self explanatory usage examples on the GitHub repository. Literally all it does is run the search ip:ipaddress for every host in the specified input file.

Run the script without any arguments or view the source code below for proper syntax and usage. Not much else to say about this tiny little guy accept that it proved to be quite useful during my last pen test. Hopefully someone else will find it handy too, as always code improvement suggestions are more than welcome.

Thanks for Reading!

[crayon lang=”ruby” toolbar=”false” height=”500px”]
require ‘rubygems’
require ‘rbing’

unless ARGV.length > 0
puts “Must specify an input filern”
puts “Syntax: ./bingit.rb rn”
puts “Example: ./bingit.rb livehosts.txt 4 <– Will check each IP Address in livehosts.txt and return the top 4 results per IP”

@@inFile = File.open(ARGV[0], “r”)
@@ipList = [“”]
@@numberOfResults = ARGV[1].to_i

def scanIp(bing, ipAddress)
#puts “[+] Testing #{ipAddress}rn” unless ipAddress.to_s.empty?
query = bing.web(“ip:#{ipAddress}”)
@@numberOfResults.times do |resultnumber|
unless query.web.total.to_s == “0” || ipAddress.to_s.empty?
puts ipAddress.chomp + “t-t” + query.web.results[resultnumber].url + “t” if query.web.results[resultnumber]

while line = @@inFile.gets
@@ipList << line

@@ipList.each do |addy|
scanIp(apiKey, addy)


macbook:tools issguser$ bingit.rb ~/testlist.txt 1 - http://www.metasploit.org/ - http://www.offensive-security.com/ - https://www.corelan.be/
macbook:tools issguser$ bingit.rb ~/testlist.txt 3 - http://www.metasploit.com/ - http://www.metasploit.com/download/ - http://framework.metasploit.com/license.jsp - http://www.offensive-security.com/ - http://www.offensive-security.com/information-security-certifications/ - https://www.corelan.be/ - http://redmine.corelan.be:8800/ - http://www.corelan.be/index.php/2009/02/24/cheatsheet-cracking-wpa2-psk-with-backtrack-4-aircrack-ng-and-john-the-ripper/
macbook:tools issguser$

Share this article


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share This

Recent Posts

Subscribe To Our Mailing List

The Ultimate Burp Suite Training Program

Learn Network Penetration Testing

Penetration Testing



Web Application Hacking

Copyright 2024


Are You Using the Top 5 Pentest Tools?

Enter your email address to download your copy of our FREE e-book and find out now!

Thank you, now go check your email!!