I am sure most of the pen-testers here has used this tool

"reverse ip domain check-up"

(i.e when we enter the ip address or one of the web-sites name,it displays the name of all the web-sites hosted in it the ip address)

I have been trying to understand the working logic behind this,
but unfortunately i couldn't find it.


i just want to know the working logic of this tool..

As usual i  have got some questions regarding this:

1)Is it possible for us to determine the number of web-sites running on a web-server manually?if yes how ?

2) To which level  we can trust these information?

3)how does this thing work?

hope i will know the  working logic soon

There will of course, in most cases even be a reverse DNS record (PTR, which means Pointer most likely), which uses the IP-address and points to a hostname.

Read up on what x.x.x.x.in-addr.arpa addresses are  (Pretty much not the direct answer you were looking for, but valuable information.)

Yes, BackTrack => /pentest

I think there's something in the "enumeration" directory you may find interesting, and there's also another directory named "dns" somewhere with some nice scripts with the tools you would probably need.

There's a few nice online tools as well, domaintools.com is one of them.

fierce.pl (a dns script), is in particular very useful. It's written by the author of ha.ckers.org afaik, and once when I was all into information gathering, I often used this script along with a few others I can't remember right now.

Here's a thread I found on the InterN0T forums, I pasted the contents here so you could read it faster (without magnets  jk, troll logic humor    )
[DNS] Information Gathering 4
Hello there,


Today i finally completed the last and final guide about gathering
informations with DNS. It took quite sometime, as i also gathered
more informations than usual thus more scripts as well.

External Link:
http://guides.intern0t.net/dns4.php

Tools in this Video:
NSLookup - This is implemented in both Win32 and *Nix
fierce.pl - A good script for performing fast zone-transfer / axfr requests.
host & dig - Useful *Nix tools even though they can run on Win32 as well.
fpdns.pl - The best script to determine version and nameserver type.
dns-grind.pl - Personally it is the best to perform bruteforcing, though fierce can be used too.

Additional Information:
To achieve host and dig in a Win32 environment, you will have to either
get them yourself, or download ISC BIND, as they distrobute it as well.

With fierce, fpdns and dns-grind, you need to have Net::DNS to be able
to run them, thus with fpdns you need to "install" the fingerprint file 100%
manually. This can be quite tricky for some people

To run perl on Windows, you could try install ActiveState's Perl, even
though some of the script creators says you shouldn't or their scripts
might not work then, because i'm proud to say that they do


I hope you enjoyed the last video guide about DNS.

~ MaXe # 0.0.127.in-addr.arpa

PS: You can install Net::DNS via CPAN : )


Reference:
http://forum.intern0t.net/offensive-guides-information/173-dns-information-gathering-4-a.html


Tool Links:
http://ha.ckers.org/fierce/
http://www.isc.org/index.pl
http://code.google.com/p/fpdns/
http://pentestmonkey.net/tools/dns-grind/