Untitled

#!/bin/bash
# bing-ip2hosts - Enumerate hostnames from Bing.com for an IP address.
# Bing.com is Microsoft's search engine which has an IP: search parameter.
#
# By Andrew Horton aka urbanadventurer, MorningStar Security
# Homepage: http://www.morningstarsecurity.com/research/bing-ip2hosts
#
# Version 0.3 Released September 21st, 2012. Updated because Bing mobile search changed.
# Version 0.2 Released April 2nd, 2010
# Version 0.1 Released December 2nd, 2009 at Kiwicon III in New Zealand
#
# License: GPLv3

VERSION=0.3
TMPDIR=/tmp
ANIMATION=1
OUTPUTIP=0
HTTPPREFIX=0
IP=
PREFIX=

if [ -z "$1" ] || [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
echo -e "bing-ip2hosts ($VERSION) by Andrew Horton aka urbanadventurer
Homepage: http://www.morningstarsecurity.com/research/bing-ip2hosts

Find hostnames that share an IP address with your target which can be a hostname or
an IP address.  This makes use of Microsoft Bing.com ability to seach by IP address,
e.g. \"IP:210.48.71.196\".

Usage: $0 [OPTIONS] <IP|hostname>

OPTIONS are:
-n\t\tTurn off the progress indicator animation
-t <DIR>\tUse this directory instead of /tmp. The directory must exist.
-i\t\tOptional CSV output. Outputs the IP and hostname on each line, separated by a comma.
-p\t\tOptional http:// prefix output. Useful for right-clicking in the shell.
"
exit 1
fi

while getopts "nipt:" optionName; do
    case "$optionName" in
         n) ANIMATION=0;;
         t) TMPDIR="$OPTARG";;
         i) OUTPUTIP=1;;
         p) HTTPPREFIX=1;;
         [?]) echo "Error"; exit 1;;
    esac
done

shift $(($OPTIND -1))

if [ -z "$1" ]; then
 echo "need an IP or hostname"
 exit 1
fi

animation="/-\|"
page=0
last_page_check=
how_many=1
uniq_hosts=0
single_page=

# if the parameter looks like an IP go ahead, otherwise resolve it
if [ `echo "$1" | egrep  "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"`  ]; then
 IP="$1"
else
 IP=`resolveip -s "$1"`
 if [ "$?" != 0 ]; then
        echo "Error: cannot resolve $1 to an IP"
        exit
 fi
fi

all_hosts=`mktemp -p $TMPDIR -t bing-ip2hosts.tmp.XXXXXX`

while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
 if [ $ANIMATION == 1 ]; then
  echo -ne "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
  echo -en "[ $IP | Scraping $how_many | Found $uniq_hosts | ${animation: $(( $page % 4 )) :1} ]"
 fi
 url="http://www.bing.com/search?q=ip%3A$IP&go=&qs=n&first=${page}0&FORM=PERE"

 out=`mktemp -p "$TMPDIR" -t bing-ip2hosts.tmp.XXXXXX`
 wget -q -O "$out" "$url"

 last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' $out`

 # if no results are found, how_many is empty and the loop will exit
 how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' $out|cut -d '>' -f 2|cut -d ' ' -f 1-3`

 # check for a single page of results
 single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' $out`

 # no captcha support or detection
 # pages will contain "Typing the characters in the picture above helps us ensure that a person, not a program, is performing a search"

 vhosts=`cat "$out"| egrep -o "<h2><a href=\"[^\"]+" $out |cut -d '"' -f 2`
 echo -e "$vhosts" >> "$all_hosts"

 uniq_hosts=`cat "$all_hosts" | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sort | uniq | wc -l`

 rm -f "$out"
 let page=$page+1
done

if [ $ANIMATION == 1 ]; then
        echo
fi

uniq_hosts=`cat "$all_hosts" | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sort | uniq`

rm -f "$all_hosts"

if [ $OUTPUTIP == 1 ]; then
        PREFIX="$IP,"
fi
if [ $HTTPPREFIX == 1 ]; then
        PREFIX="$PREFIX""http://"
fi

for h in `echo "$uniq_hosts"`
do
        echo "$PREFIX$h"
done