IP to Virtualhost Lookup
Okay, I’m just totally in love with this post by Jaimie Sirovich over at SEO Egghead. He exposed a function that I’ve been wanting for a good long while: some way to do IP to virtual host lookup. His solution, similar to my Cname lookup, is to use a search engine. I wasn’t aware of this flag in MSN, but apparently if you query it for IP addresses it will do exactly that. Well, nearly exactly that. It also points out any domains that are 301 redirecting or meta refreshing to your site. Strange! But whatever the case, it gets you 90% of the way there with not many false positives. Those false positives can be identified and removed by simply doing another lookup on those domains and seeing if they match the IP. Pretty trick!
In this way you can accurately identify SEO spammers and virtual hosts. This is particularly useful for penetration testing because, of the hosts on the machine, the hardened one is often just the main one. The softer hosts that reside on the same machine can be compromised, therefore giving you access to the same web application (and probably even the same Apache process). Very scary stuff for anyone doing lots of hosting on single IPs. Thanks for the post, Jaimie!
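The false-positive filter described above (look each returned domain up again and keep only those that resolve to the IP) can be sketched as follows. This is an added example, not code from the original post or from Jaimie's article; the function names, the sample domains and the documentation-range addresses are constructed, and the resolver is injectable so the logic can be exercised without network access.

```python
import socket
from typing import Callable, Dict, Iterable, List, Set

def resolve_ipv4(hostname: str) -> Set[str]:
    """Return the IPv4 addresses a hostname resolves to (empty set on failure)."""
    try:
        _, _, addrs = socket.gethostbyname_ex(hostname)
        return set(addrs)
    except (OSError, UnicodeError):
        return set()

def normalise(name: str) -> str:
    """Lower-case a hostname and drop surrounding whitespace and a trailing dot."""
    return name.strip().rstrip(".").lower()

def confirm_vhosts(target_ip: str,
                   candidates: Iterable[str],
                   resolver: Callable[[str], Set[str]] = resolve_ipv4
                   ) -> Dict[str, List[str]]:
    """Split search-engine candidates into hosts that really sit on target_ip,
    hosts that resolve elsewhere (e.g. domains that only redirect to the site),
    and hosts that no longer resolve at all."""
    result: Dict[str, List[str]] = {"confirmed": [], "elsewhere": [], "unresolved": []}
    seen: Set[str] = set()
    for raw in candidates:
        host = normalise(raw)
        if not host or host in seen:
            continue  # skip blanks and duplicates in the result list
        seen.add(host)
        addrs = resolver(host)
        if not addrs:
            result["unresolved"].append(host)
        elif target_ip in addrs:
            result["confirmed"].append(host)
        else:
            result["elsewhere"].append(host)
    return result

# Constructed sample data: candidate names as a reverse-IP search might return
# them, and a fake DNS table standing in for live lookups.
SAMPLE_CANDIDATES = ["www.example.com", "Shop.Example.com.",
                     "redirector.example.net", "gone.example.org",
                     "www.example.com"]
SAMPLE_DNS = {"www.example.com": {"192.0.2.10"},
              "shop.example.com": {"192.0.2.10", "192.0.2.11"},
              "redirector.example.net": {"198.51.100.7"}}

def sample_resolver(host: str) -> Set[str]:
    return set(SAMPLE_DNS.get(host, ()))

if __name__ == "__main__":
    print(confirm_vhosts("192.0.2.10", SAMPLE_CANDIDATES, sample_resolver))
```

Calling `confirm_vhosts` without the third argument uses live DNS, which is how a hosting owner would check which names actually share an address with their own site.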



August 3rd, 2006 at 9:25 am
Also, one of my readers pointed out to me this thread on full disclosure a while back discussing other ways to do this form of detection including a tool. It’s worth a read.
August 6th, 2006 at 2:42 am
There are other tools that provide IP-to-domains tools.
http://whois.webhosting.info/
http://www.domaintools.com/reverse-ip/
Both are quite good.
August 8th, 2006 at 1:45 am
[…] Even scarier, ha.ckers.org reports that the very same information can be used by hackers for penetration testing. Suppose PHP is being run as a module, not a CGI. One of the other virtual hosts on your server is running an old exploitable version of PHPbb — a notoriously insecure web application; its historical vulnerabilities are listed here. This is great information, as a hacker could compromise the PHPbb installation and gain access to your data by extension. […]