Enumerating URLs from IP Addresses Using Bing’s Search API
Hey guys, just a quick post here. I wanted to share with you a simple ruby script I wrote that identifies web server URLs (if any) from a specified list of IP Addresses. I wrote this script for a recent Information Security Assessment where my client was unaware of all the URLs that were pointing to their external infrastructure (It happens more then you would think…) and provided me with only a list of IPs.
The script uses Bing’s Search API as well as the rbing ruby gem which has some prety self explanatory usage examples on the GitHub repository. Literally all it does is run the search ip:ipaddress for every host in the specified input file.
Run the script without any arguments or view the source code below for proper syntax and usage. Not much else to say about this tiny little guy accept that it proved to be quite useful during my last pen test. Hopefully someone else will find it handy too, as always code improvement suggestions are more than welcome.
Thanks for Reading!
SOURCE:
[crayon lang=”ruby” toolbar=”false” height=”500px”]
#!/opt/local/bin/ruby
require ‘rubygems’
require ‘rbing’
unless ARGV.length > 0
puts “Must specify an input filern”
puts “Syntax: ./bingit.rb rn”
puts “Example: ./bingit.rb livehosts.txt 4 <– Will check each IP Address in livehosts.txt and return the top 4 results per IP”
exit!
end
apiKey = RBing.new(“INSERT YOUR BING API KEY HERE”)
@@inFile = File.open(ARGV[0], “r”)
@@ipList = [“”]
@@numberOfResults = ARGV[1].to_i
def scanIp(bing, ipAddress)
#puts “[+] Testing #{ipAddress}rn” unless ipAddress.to_s.empty?
query = bing.web(“ip:#{ipAddress}”)
@@numberOfResults.times do |resultnumber|
unless query.web.total.to_s == “0” || ipAddress.to_s.empty?
puts ipAddress.chomp + “t-t” + query.web.results[resultnumber].url + “t” if query.web.results[resultnumber]
end
end
end
while line = @@inFile.gets
@@ipList << line
end
@@ipList.each do |addy|
scanIp(apiKey, addy)
end
@@inFile.close
[/crayon]
EXAMPLE:
macbook:tools issguser$ bingit.rb ~/testlist.txt 1
208.118.237.137 - http://www.metasploit.org/
208.88.120.8 - http://www.offensive-security.com/
178.79.152.9 - https://www.corelan.be/
macbook:tools issguser$ bingit.rb ~/testlist.txt 3
208.118.237.137 - http://www.metasploit.com/
208.118.237.137 - http://www.metasploit.com/download/
208.118.237.137 - http://framework.metasploit.com/license.jsp
208.88.120.8 - http://www.offensive-security.com/
208.88.120.8 - http://www.offensive-security.com/information-security-certifications/
178.79.152.9 - https://www.corelan.be/
178.79.152.9 - http://redmine.corelan.be:8800/
178.79.152.9 - http://www.corelan.be/index.php/2009/02/24/cheatsheet-cracking-wpa2-psk-with-backtrack-4-aircrack-ng-and-john-the-ripper/
macbook:tools issguser$
Share this article
Leave a Reply
Share This
Recent Posts
- Playing With the New Burp Suite REST API
- Burp Suite 2.0 Beta Review
- Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
- GPG Errors While Updating Kali Linux
- Installing Kali NetHunter on HTC Nexus 9
Subscribe To Our Mailing List
The Ultimate Burp Suite Training Program
Learn Network Penetration Testing
Penetration Testing
Categories
- AWBS
- Burp Suite
- Definitions
- Forensics and Incident Response
- Information Gathering
- Metasploit
- Penetration Testing Tutorials
- Phishing
- Presentations
- Tools
- Web Applications
- Wireless