Categories: external, discovery
Finds hostnames that resolve to the target's IP address by querying the online database:
- http://www.ip2hosts.com ( Bing Search Results )
The script is in the "external" category because it sends target IPs to a third party in order to query their database.
If set, add the new hostnames to the scanning queue. This the names presumably resolve to the same IP address as the original target, this is only useful for services such as HTTP that can change their behavior based on hostname.
If set, saves the output for each host in a file called "<prefix><target>". The file contains one entry per line.
slaxml.debugSee the documentation for the slaxml library.
http.host, http.max-cache-size, http.max-pipeline, http.pipeline, http.useragentSee the documentation for the http library.
max-newtargetsSee the documentation for the target library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusernameSee the documentation for the smbauth library.
nmap --script hostmap-ip2hosts --script-args 'hostmap-ip2hosts.prefix=hostmap-' <targets>
nmap -sn --script hostmap-ip2hosts <target>
Host script results: | hostmap-ip2hosts: | hosts: | insecure.org | nmap.org | sectools.org | svn.nmap.org | cgi.insecure.org |_ filename: output_nmap.org
License: Same as Nmap--See https://nmap.org/book/man-legal.html