Scans IP addresses and finds domains. Domain names are extracted from SSL certificates. This method does not guarantee 100% finding of all domains. You can also use the method of obtaining a domain name through a reverse DNS lookup, but 99% of domains do not contain a PTR record:
$ dig +short example.com
93.184.216.34
# NO PTR
$ php -r 'echo(gethostbyaddr("'$(dig +short example.com)'"));'
93.184.216.34 # <-- fail: if successful there should be example.comThe reason for developing this tool was that many Internet services provide unreliable results:
Installation:
pip install ip2domainsUsage:
# help
$ ip2domains -h
# Scan domains
# KLM is sucks. Don't use these f*gots. Give me back my money, assholes!
$ echo 171.21.120.0/22 | ip2domains --no-banner
# List unique domains
$ echo 171.21.120.0/22 | ip2domains --no-banner | jq -r '.domains[]' | sort | uniq
# Remember that not all domains listed in the certificate actually use this IP
$ dig +short af-klm.com
171.21.122.81
$ dig +short bluebiz.com
52.166.78.97