Reverse IP lookup with PHP

Question

In PHP is there a function to do a reverse lookup on a domain name to find out how many websites are hosted on the particular shared hosting server that domain name is hosted on. Or, a way to do this with PHP?

Now, I'm already aware of the online services that offer this. However, I want to write a script to do it myself. I just can't figure it out.

Any suggestions that are not suggesting the use of a 3rd party service would be great.

Previously this was possible with AXFR. But nowadays it's restricted between each domains authoritative and secondary nameserver. It's likewise seldom to sneak out configured domains using Apache status pages / log access. So, no luck unless you build up a huge ip->domain database yourself. — mario, Aug 05 '10 at 02:24
A single shared hosting server may have different IP addresses for each virtual host, so I'm not sure how reliable and useful the report you're going to get would be. — bcosca, Aug 05 '10 at 02:37

score 19 · Answer 1 · answered Mar 19 '14 at 09:53

19

In PHP just use

$domain = gethostbyaddr($ip);

good luck!

answered Mar 19 '14 at 09:53

HiTech

295
2
7

1

nice.. this should be the answer. – Drmjo May 02 '16 at 19:44
@Drmjo This does not actually do what the OP requested so no it should not be the answer – RiggsFolly May 05 '16 at 18:16
1

@RiggsFolly you are right i got it backwards... but this function did resolve my issue... – Drmjo May 05 '16 at 18:21

score 5 · Answer 2 · answered Aug 05 '10 at 03:17

it is do able... sample program that use it is in Python that I know darkjumper

I don't know how it works, but it just works.. you can read the source code in Python and rewrite the software into php

You can try executing the reverse ip feature of this software by using -m reverseonly option

./darkjumper.py -t stackoverflow.com -m reverseonly returning results

[+] Target set : stackoverflow.com
[+] Use proxy  : None
[+] Verbocity  : False
[+] Trying reverse your target's ip...
[+] Please wait...
-----------------------------------------
http://stackoverflow.com
http://gadgets.stackexchange.com
http://webmasters.stackexchange.com
http://stats.stackexchange.com
http://gaming.stackexchange.com
http://gamedev.stackexchange.com
http://photo.stackexchange.com
http://cooking.stackexchange.com
http://chat.meta.stackoverflow.com
http://stackoverflow.com
http://stackoverflow.com

----------------------------------------
[+] Found : 12  Domains hosted at this IP
----------------------------------------

Doesn't always work. Pretty sophisticated guesswork, though :-). — Borealid, Aug 05 '10 at 03:53
@Borealid: From what I've understood it simply tries to follow the first 50 links in the domain and match them with the IP address? That doesn't seem that much "sophisticated". — Alix Axel, Aug 05 '10 at 05:04
@Alix Axel: Like I said, sophisticated guesswork. It's smarter than just reading the PTR record, but with virtual servers for unrelated domains, it wouldn't get one from another. — Borealid, Aug 05 '10 at 05:07

score 3 · Accepted Answer · answered Aug 05 '10 at 03:51

There is no sure-fire way to do what you are asking.

In DNS, a site's IP address, such as "1.5.7.9", has associated with it a domain name like "9.7.5.1.in-addr.arpa". This reverse name may have PTR records pointing to the domain name. So, "example.com" may map to "1.5.7.9" with an A record, and "9.7.5.1.in-addr.arpa" may point back to "example.com".

An IP address may have more than one PTR record. But, generally, they do not. So the only way to know all the domain names that share one IP is to either search and remember all domain names (not feasible), or to get the information from some other source.

Furthermore, a given computer may have many IPs assigned to it. There's no way to know how many.

score 2 · Answer 4 · answered Aug 05 '10 at 02:04

Maybe I'm wrong but I think (the / one) way to do it is to query each domain name individually and store the corresponding IP address.

When someone queries any given domain / IP address you just have to show all the other domains that share the same IP, if you don't have the domain listed yet you just have to resolve the IP and store it.

It would also be pretty easy (and relatively quick) to solve the problem @sarnold mentioned, by simply updating all the domains that are in the same IP address of the domain being queried - or just the domain itself, maybe with a limit of 1 update per day or something like that.

score 0 · Answer 5 · answered Aug 05 '10 at 01:50

I'm curious how anyone would know: hosted web sites can come and go on IPs quite quickly. It is easy to add a few thousand domains this minute and remove them all again next minute.

Have you seen http://pink.bikeshed.com? Or http://red.bikeshed.com? Or http://white.bikeshed.com? It'd be super-easy to extend it to all 754 entries in my X11 rgb.txt file, though it doesn't appear that they have done so. It'd be a wee bit more work to support on-the-fly user creation of 'new websites' there...

Reverse IP lookup with PHP

5 Answers5