Re: [WEB SECURITY] rIP BETA - reverse IP tool

[disfigure <disfigure@xxxxxxxxx>]

On Jan 12, 2008 6:56 AM, Slawomir Jasek <slawek@xxxxxxxxx> wrote:
>
> disfigure wrote:
> > Hello-
> >
> > I would like to introduce "rIP", a new reverse IP tool located at
> > http://crushmachine.com.
> >
> > The application takes a hostname or IP address as input and tries to
> > return all the vhosts running on that IP. See the FAQ at
> > http://crushmachine.com/about.php.
> >
> > I hope you find it useful.
>
>
> Nice and useful idea, but still I can find much more results with
> IP-based search in live.com - especially as you mention your tool does
> support only the three main tld's.
>
> For example your tool does not return any information of your server
> crushmachine.com (is this intentional? :) , and with live.com you can
> get a few entries:
> http://search.live.com/results.aspx?q=ip%3A85.17.19.24
>
> btw - is the timing between posting this news in turn to all the
> previous security groups intentional? :)
>
> And I bet you guys do log all the queries to your database, don't you? :)
>
>
>
> greets
>
> Slawek


Hello-

You are correct, MSN Live can be used in the same way. In some cases,
it returns more result. But I have also seen where MSN Live actually
returns fewer results than my database. Live will not return sites
that it does not crawl; however, it will return subdomains. Also, I
return EVERY entry for the particular IP that I have, and I provide
the ability to download that list directly. As you probably know, MSN
Live will only return the first 1,000 or so entries on any query you
make.

I wanted to build a database that did not rely on anyone else (e.g.
users who had to submit their sites). In the future, I hope to make
this robust enough to resolved every domain name that has a . entry (I
currently drop some packets, due to the sheer volume of UDP traffic).
I also hope to add support for common subdomains like  www and mail.

To some, it may not seem like anything different than Live, but to me
these characteristics make it better. To each his own. I also like to
think of this as a supplemental tool, not a one stop repository.

Regarding the missing entries for crushmachine.com, I am sharing with
some other sites who had initially requested that I remove that
information for the time being. The next build of the database will
include my own server.

As far as the timing of the posts: I am afraid I am not very organized
in my promotion of the site. I just make the posts as I remember which
mailing lists or forums might find them useful. I have no real
motivation for this, it's just my inexperience/incompetence for
promotion. ;)

And as far as logging the queries, I can honestly tell you that the
only logging I have is standard Apache logging. Of course all queries
are contained in the GET string, so I could always parse that out. I
don't really have a reason to do that though, or anything else for
that matter. I am not attempting anything nefarious with this tool or
site.

I hope this answers your questions, and I hope you like the tool!

-d-

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]