Version 0.4 Released December 19th, 2013. Updated to use nslookup, new usage, fixed tmp file issue

Andrew Horton · Andrew Horton · commit 771e3976310b · 2019-11-16T02:14:11.000+11:00
* Updated usage
* Fixed tmp file issue where files weren't being deleted
* Resolves hostnames using nslookup instead of resolveip. Thanks Xavier Mertens
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,8 @@
+Version 0.4
+* Updated usage
+* Fixed tmp file issue where files weren't being deleted
+* Resolves hostnames using nslookup instead of resolveip. Thanks Xavier Mertens
+
 Version 0.3
 * Updated the progress animation with results found, and the current page being searched
 * Updated scraper to use the main bing.com site as the mobile bing site changed how it showed results
diff --git a/README b/README
@@ -8,12 +8,13 @@ HELP
 -------
 Use the following command for usage information.
 
-bing-ip2hosts (0.3) by Andrew Horton aka urbanadventurer
+bing-ip2hosts (o.4) by Andrew Horton aka urbanadventurer
 Homepage: http://www.morningstarsecurity.com/research/bing-ip2hosts
 
-Find hostnames that share an IP address with your target which can be a hostname or
-an IP address.  This makes use of Microsoft Bing.com ability to seach by IP address, 
-e.g. "IP:210.48.71.196".
+Useful for web intelligence and attack surface mapping of vhosts during
+penetration tests. Find hostnames that share an IP address with your target 
+which can be a hostname or an IP address.  This makes use of Microsoft 
+Bing.com ability to seach by IP address, e.g. "IP:210.48.71.196".
 
 Usage: ./bing-ip2hosts [OPTIONS] <IP|hostname>
 
diff --git a/bing-ip2hosts b/bing-ip2hosts
@@ -5,27 +5,33 @@
 # By Andrew Horton aka urbanadventurer, MorningStar Security
 # Homepage: http://www.morningstarsecurity.com/research/bing-ip2hosts
 #
+# Version 0.4 Released December 19th, 2013. Updated to use nslookup, new usage, fixed tmp file issue
 # Version 0.3 Released September 21st, 2012. Updated because Bing mobile search changed.
 # Version 0.2 Released April 2nd, 2010
 # Version 0.1 Released December 2nd, 2009 at Kiwicon III in New Zealand
 #
 # License: GPLv3
 
-VERSION=0.3
+VERSION=o.4
 TMPDIR=/tmp
 ANIMATION=1
 OUTPUTIP=0
 HTTPPREFIX=0
 IP=
 PREFIX=
+DEBUG=0
 
 if [ -z "$1" ] || [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
+echo -en '\E[31m'
 echo -e "bing-ip2hosts ($VERSION) by Andrew Horton aka urbanadventurer
 Homepage: http://www.morningstarsecurity.com/research/bing-ip2hosts
+"
+echo -en '\033[0m'
 
-Find hostnames that share an IP address with your target which can be a hostname or
-an IP address.  This makes use of Microsoft Bing.com ability to seach by IP address, 
-e.g. \"IP:210.48.71.196\".
+echo -e "Useful for web intelligence and attack surface mapping of vhosts during
+penetration tests. Find hostnames that share an IP address with your target 
+which can be a hostname or an IP address.  This makes use of Microsoft 
+Bing.com ability to seach by IP address, e.g. \"IP:210.48.71.196\".
 
 Usage: $0 [OPTIONS] <IP|hostname>
 
@@ -66,8 +72,10 @@ single_page=
 if [ `echo "$1" | egrep  "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"`  ]; then
  IP="$1"
 else
- IP=`resolveip -s "$1"`
- if [ "$?" != 0 ]; then
+# IP=`resolveip -s "$1"`
+ IP=`nslookup "$1" |egrep "^Address: \w+\.\w+\.\w+\.\w+$"|tail -1|awk '{ print $2 }'`
+ #  dig -t a treshna.com  +short
+ if [ "$IP" == "" ]; then
  	echo "Error: cannot resolve $1 to an IP"
 	exit
  fi
@@ -86,12 +94,18 @@ while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ];
  wget -q -O "$out" "$url"
 
  last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' $out`
+ if [ "$DEBUG" -eq 1 ]; then
+  echo "Last Page Check: $last_page_check"
+ fi
 
  # if no results are found, how_many is empty and the loop will exit
  how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' $out|cut -d '>' -f 2|cut -d ' ' -f 1-3`
 
  # check for a single page of results
  single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' $out`
+ if [ $DEBUG -eq 1 ];then
+  echo "Single Page: $single_page"
+ fi
 
  # no captcha support or detection
  # pages will contain "Typing the characters in the picture above helps us ensure that a person, not a program, is performing a search"
@@ -101,8 +115,14 @@ while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ];
 
  uniq_hosts=`cat "$all_hosts" | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sort | uniq | wc -l`
 
-# rm -f "$out"
+ if [ $DEBUG -eq 0 ]; then
+  rm -f "$out"
+ fi
+ 
  let page=$page+1 
+ if [ $DEBUG -eq 1 ]; then
+  echo "Page: $page"
+ fi
 done
 
 if [ $ANIMATION == 1 ]; then
@@ -111,7 +131,9 @@ fi
 
 uniq_hosts=`cat "$all_hosts" | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sort | uniq`
 
-#rm -f "$all_hosts"
+if [ $DEBUG -eq 0 ]; then
+  rm -f "$all_hosts"
+fi
 
 if [ $OUTPUTIP == 1 ]; then
 	PREFIX="$IP,"
