MSN IP Search
I’ve been meaning to write something about this for a while now, and a number of people have known and used this for a while too, but one of the most helpful tools out there for identifying subdomains of any given target is MSN IP search. I think Fierce is way better for finding subdomains if they aren’t on the same IP, but MSN IP search is way better at finding subdomains on the same IP.
Why is that important? Well, it turns out that a lot of companies use shared hosting, and as we all know, unless they have taken extreme steps to protect their clients, the hosting environments are basically saying that any compromise of any client means complete compromise of any of the other clients on the same machine. Great. So I created a small bookmarket that interfaces with MSN IP search. If you use Firefox, just drag it to your bookmarks and just go to a webpage of choice (other than ha.ckers.org 
) and click the bookmarklet. It sends the domain to ha.ckers.org which performs an IP lookup and forwards the browser back to MSN with the IP for that domain. It’s that simple. You’d be amazed how many companies use shared hosting.
August 3rd, 2008 at 10:30 am
I love your “Security Bookmarklets” page.. jus awsome !
August 3rd, 2008 at 12:31 pm
gigablast.com can do this too. This is a very usefull function
August 3rd, 2008 at 3:25 pm
http://www.myipneighbors.com/
very good and practical
August 3rd, 2008 at 3:59 pm
myipneighbors uses the MSN IP search. The results will be the same, just a different format.
August 3rd, 2008 at 5:57 pm
Great trick, I’ve been using this one for a while. (Of course, Maltego CE also offers some of the same results, I’m unsure if the transform it uses for that query uses this search too).
August 3rd, 2008 at 6:17 pm
with the results of msn ip, I have a lot of redondonces, but with the website There is a well-ordered list, I think it’s better
August 3rd, 2008 at 6:27 pm
Yaw, i love the one with yahoo search. Very practical! Thanks.
August 4th, 2008 at 12:07 pm
Not bad, but Live seems to have less data about non-CNO domains than Google. I host 18 domains on my server but Live only finds 11 of them.
August 4th, 2008 at 12:31 pm
@Johann - I stay away from Google if I can help it. And anyway, Google doesn’t have an exposed IP search function so I don’t know how that would help you anyway.
August 6th, 2008 at 8:38 pm
Awesome tip. Thanks
August 11th, 2008 at 4:59 pm
Interesting service. Helpful for security personnel to know which domain a hacker may be trying to infiltrate.
http://www.mbridge.com
August 13th, 2008 at 8:17 pm
robtex ftw! (http://www.robtex.com)
for instance: http://www.robtex.com/dns/ha.ckers.org.html
August 14th, 2008 at 8:23 am
@jcran - I like robtex but it really does miss a lot. Not once does it put sla.ckers.org anywhere on the page, yet it’s the second most hit subdomain we have. Not exactly a winner there.
August 15th, 2008 at 1:03 am
how about using: http://www.robtex.com/ip/67.78.61.227.html
August 15th, 2008 at 6:52 am
Sure, but try it for .228… it misses what MSN IP search finds. Overall, it’s just not as good at finding subdomains.
August 20th, 2008 at 3:19 pm
aside from having to answer a captcha, http://www.myipneighbors.com/ is a far more useful format for this than the normal msn.
Although i also don’t like that it forces you to visit the first site/ip. Not exactly stealthy when my browser is requesting the target site with an IP as my host header (if searching by IP)
September 25th, 2008 at 10:22 am
If you have the ShowIP extension for Firefox you can add the following to it: http://search.msn.com/results.aspx?q=ip%3A## that way no need for a lookup since IP is already known and no need for bookmarklet. =o)