How to Perform Reverse DNS Lookups Using Python

Before we get started, have you tried our new Python Code Assistant? It's like having an expert coder at your fingertips. Check it out!

In this tutorial, I'll walk you through performing reverse DNS lookups and identifying other websites hosted on the same server using Python.

DNS, or Domain Name System, translates human-readable domain names (like www.guardyk.com) into machine-readable IP addresses, enabling web browsers to locate and connect to the correct web servers to load websites. 

Essentially, if we manage to stumble upon an IP address we're not really sure of and want to see the domain and other websites on the same server, the program we're about to build will help us with that. 

Note: All websites hosted on the same server have the same IP address. Think of a server as your mobile phone. The various websites on a server are just like the apps on your phone - on the same device. 

This program can be useful for network administrators, cybersecurity professionals, or anyone interested in understanding server relationships. The importance of information gathering (in all aspects of life and not just tech) cannot be overemphasized. Now, let's get into it.

Prerequisites

• Python 3 installed on your computer.
• An API key from ViewDNS. You can get it here. The free version is okay to follow along. I'll explain more later on.

Installing Required Libraries

We will use the argparse, ipaddress, socket, and requests libraries. If you don't have the requests library installed, you can install it using pip:

$ pip install requests

The others are pre-installed with Python. The uses of the above packages (as related to this program) include:

• argparse: For parsing command-line arguments.
• ipaddress: For validating IP addresses.
• socket: To perform the reverse IP lookup.
• requests: For making HTTP requests.

Writing the Script

Open up a new Python file, name it meaningfully like reverse_lookup.py and include the following code:

import argparse
import ipaddress
import socket
import requests

API_KEY = "Your-Api-Key-Here"  # Replace with your ViewDNS API key
# Function to Check if IP address is valid.
def is_valid_ip(ip):
    try:
        ipaddress.ip_address(ip)
        return True
    except ValueError:
        return False

We started by importing the necessary libraries, specifying our API key, and creating a function to check if an IP Address is valid. The ip_address() method from the ipaddress module takes an IP address and checks if it is a valid ipv4 or ipv6 IP Address. 

Related: How to Manipulate IP Addresses in Python using ipaddress Module.

Next, we create a function to perform IP address reverse lookup using sockets:

# Perform reverse look up.
def reverse_lookup(ip):
    try:
        domain = socket.gethostbyaddr(ip)[0]
        return domain
    except socket.herror:
        return None

The highlight of this function is the gethostbyaddr() method from the socket module. It essentially takes an IP address and returns the associated domain (by specifying the index [0]). 

Next, we create a function to get all other websites on the same server as our target domain. For this, we'll use the ViewDNS API. ViewDNS is an online service providing various DNS-related tools and APIs for querying domain and IP address information.

So we'll create another function for that:

# Get websites on same server.
def get_websites_on_server(ip):
    url = f"https://api.viewdns.info/reverseip/?host={ip}&apikey={API_KEY}&output=json"
    response = requests.get(url)
    if response.status_code == 200:
        data = response.json()
        if "response" in data and "domains" in data["response"]:
            websites = data["response"]["domains"]
            return websites
    return []

The get_websites_on_server() function retrieves a list of websites hosted on the same server as a given IP address by querying the ViewDNS API. It constructs the API URL with the provided IP and API key, makes an HTTP GET request, and, if successful, parses the JSON response to extract and return the list of domains. If the response fails or doesn't contain the expected data, it returns an empty list.

Finally, we create a main function to collect user arguments using argparse and handle the program execution:

# Get user arguments and execute.
def main():
    parser = argparse.ArgumentParser(description="Perform IP reverse lookup.")
    parser.add_argument("ips", nargs="+", help="IP address(es) to perform reverse lookup on.")
    parser.add_argument("--all", "-a", action="store_true", help="Print all other websites on the same server.")
    args = parser.parse_args()
    for ip in args.ips:
        if not is_valid_ip(ip):
            print(f"[-] Invalid IP address: {ip}")
            continue
        domain = reverse_lookup(ip)
        if domain:
            print(f"[+] IP: {ip}, Domain: {domain}")
            if args.all:
                websites = get_websites_on_server(ip)
                if websites:
                    print("\nOther websites on the same server:")
                    for website in websites:
                        print(f"[+] {website}")
                    print('\n')
                else:
                    print("[-] No other websites found on the same server.")
        else:
            print(f"[-] No domain found for IP: {ip}")

if __name__ == "__main__":
    main()

The main function parses command-line arguments, validates and performs reverse DNS lookups on provided IPs, and if the --all flag is set, retrieves, and lists other websites hosted on the same server.

That's it. Let's run our program.

Running our Program

Please do not forget to include your API key before running the program. 

To run the program (with all functionalities):

$ python reverse_lookup.py [IP Address] --all

Result:

[+] IP: 99.99.99.99, Domain: ec2-99-99-99-99.compute-1.amazonaws.com

Other websites on the same server:
[+] {'name': 'lowe-crawford.org', 'last_resolved': '2024-06-15'}
[+] {'name': 'butler.info', 'last_resolved': '2024-06-19'}
[+] {'name': 'lozano.com', 'last_resolved': '2024-06-19'}
[+] {'name': 'bell.com', 'last_resolved': '2024-06-15'}
[+] {'name': 'johnson.info', 'last_resolved': '2024-06-19'}

For security purposes, I'm sharing a hypothetical IP address, and the resulting domains are randomly generated, but you can run it on your IP to see for yourself!

That's it. Please remember that the --all flag is optional. If you just want a reverse lookup without checking other websites on the same server, you can exclude the flag.

Also, you can specify as many IP addresses as you want. Just separate them with spaces:

$ python reverse_lookup.py [IP Address 1] [IP Address 2] 

I hope they don't send The Undertaker after us!

Conclusion

In this tutorial, you learned how to perform reverse DNS lookups and identify other websites hosted on the same server using Python. By leveraging the ViewDNS API, you can gain insights into server relationships and potentially discover more about the infrastructure behind the IP addresses you're investigating.

Other Related Tutorials

• How to Get Domain Name Information in Python
• How to Perform DNS Enumeration in Python 

I hope you enjoyed this one. You can check the complete code here. Till next time.

Liked what you read? You'll love what you can learn from our AI-powered Code Explainer. Check it out!

Read Also

How to Perform DNS Enumeration in Python

Learn how you can extract DNS information of a domain name such as nameservers, IP addresses, email services and more using dnspython library in Python.

How to Get Domain Name Information in Python

Learn how to validate domain names using WHOIS, as well as getting domain name information such as domain registrar, creation date, expiration date and more in Python.

How to Build a Username Search Tool in Python

Learn how to build a Python script that checks if a given username is available or taken across popular social media sites like Instagram, Facebook, Reddit, and more using concurrent requests in Python.

Comment panel