ENUMERATING URLS FROM IP ADDRESSES USING BING’S SEARCH API

Hey guys, just a quick post here. I wanted to share with you a simple Ruby script I wrote that identifies web server URLs (if any) from a specified list of IP addresses. I wrote this script for a recent information security assessment where my client was unaware of all the URLs that were pointing to their external infrastructure (it happens more than you would think…) and provided me with only a list of IPs.

The script uses Bing’s Search API as well as the rbing Ruby gem, which has some pretty self-explanatory usage examples in its GitHub repository. Literally all it does is run the search ip:ipaddress for every host in the specified input file.

Run the script without any arguments or view the source code below for proper syntax and usage. Not much else to say about this tiny little guy except that it proved to be quite useful during my last pen test. Hopefully someone else will find it handy too. As always, code improvement suggestions are more than welcome.

Thanks for Reading!

SOURCE:
[crayon lang=”ruby” toolbar=”false” height=”500px”]
#!/usr/bin/env ruby
require 'rubygems'
require 'rbing'

unless ARGV.length > 0
  puts "Must specify an input file\r\n"
  puts "Syntax: ./bingit.rb <input file> <number of results>\r\n"
  puts "Example: ./bingit.rb livehosts.txt 4 <-- Will check each IP Address in livehosts.txt and return the top 4 results per IP"
  exit!
end

# RBing client; replace the placeholder with your own Bing API key.
bing = RBing.new("INSERT YOUR BING API KEY HERE")
# Results to print per IP (second argument); defaults to 1 when omitted.
number_of_results = (ARGV[1] || 1).to_i

# Run the Bing query ip:<address> and print up to max_results URLs for that host.
def scan_ip(bing, ip_address, max_results)
  return if ip_address.empty?
  # puts "[+] Testing #{ip_address}\r\n"
  query = bing.web("ip:#{ip_address}")
  return if query.web.total.to_s == "0"
  max_results.times do |result_number|
    result = query.web.results[result_number]
    puts ip_address + "\t-\t" + result.url + "\t" if result
  end
end

# The input file holds one IP address per line; blank lines are skipped by scan_ip.
File.foreach(ARGV[0]) do |line|
  scan_ip(bing, line.strip, number_of_results)
end
[/crayon]

EXAMPLE:


macbook:tools issguser$ bingit.rb ~/testlist.txt 1
208.118.237.137 - http://www.metasploit.org/
208.88.120.8 - http://www.offensive-security.com/
178.79.152.9 - https://www.corelan.be/
macbook:tools issguser$ bingit.rb ~/testlist.txt 3
208.118.237.137 - http://www.metasploit.com/
208.118.237.137 - http://www.metasploit.com/download/
208.118.237.137 - http://framework.metasploit.com/license.jsp
208.88.120.8 - http://www.offensive-security.com/
208.88.120.8 - http://www.offensive-security.com/information-security-certifications/
178.79.152.9 - https://www.corelan.be/
178.79.152.9 - http://redmine.corelan.be:8800/
178.79.152.9 - http://www.corelan.be/index.php/2009/02/24/cheatsheet-cracking-wpa2-psk-with-backtrack-4-aircrack-ng-and-john-the-ripper/
macbook:tools issguser$
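
To turn that output into something an asset owner can act on, the following added example (not part of the original post or of rbing) parses bingit.rb's "IP - URL" lines, collapses them to unique hostnames per IP, and reports the ones missing from a known-asset list. The function names and the inventory are assumptions made for illustration; the sample lines come from the run above.

```ruby
require 'uri'
require 'set'

# Parse bingit.rb output lines ("IP - URL", tab or space separated) into
# { ip => sorted unique "host" or "host:port" strings }.
def hosts_by_ip(output)
  found = Hash.new { |hash, ip| hash[ip] = Set.new }
  output.each_line do |line|
    ip, url = line.strip.split(/\s+-\s+/, 2)
    next if url.nil? # shell prompt lines, blanks, anything without " - "
    begin
      uri = URI.parse(url.strip)
    rescue URI::InvalidURIError
      next
    end
    next unless uri.is_a?(URI::HTTP) && uri.host # URI::HTTPS subclasses URI::HTTP
    host = uri.host.downcase
    host += ":#{uri.port}" unless uri.port == uri.default_port
    found[ip] << host
  end
  found.each_with_object({}) { |(ip, hosts), out| out[ip] = hosts.to_a.sort }
end

# Hostnames Bing associates with an IP that are missing from the inventory.
def unknown_hosts(found, inventory)
  known = inventory.map(&:downcase).to_set
  found.each_with_object({}) do |(ip, hosts), out|
    missing = hosts.reject { |h| known.include?(h) }
    out[ip] = missing unless missing.empty?
  end
end

# Sample input: lines taken from the example run above.
SAMPLE = <<~OUT
  macbook:tools issguser$ bingit.rb ~/testlist.txt 3
  208.118.237.137 - http://www.metasploit.com/
  208.118.237.137 - http://framework.metasploit.com/license.jsp
  178.79.152.9 - https://www.corelan.be/
  178.79.152.9 - http://redmine.corelan.be:8800/
OUT

# Constructed inventory for illustration: hostnames the asset owner already tracks.
INVENTORY = %w[www.metasploit.com www.corelan.be]

if __FILE__ == $PROGRAM_NAME
  unknown_hosts(hosts_by_ip(SAMPLE), INVENTORY).each do |ip, hosts|
    puts "#{ip}\tnot in inventory: #{hosts.join(', ')}"
  end
end
```

Services on non-default ports (such as the :8800 entry) keep their port in the report, since they are often the hosts an inventory misses.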
