Friday, June 29, 2012

IP Enumeration

Now, to find the IP addresses of the Yahoo hosts we piped into yahoohost.txt,
I'm going to make a quick bash script to retrieve the IP addresses.

[root@localhost yahoo]# nano yahooip.sh
#!/bin/bash
# Look up every hostname listed in yahoohost.txt (one per line)
while read -r hostname; do
    host "$hostname"
done < yahoohost.txt
[root@localhost yahoo]# chmod 775 yahooip.sh

After doing this, the output isn't that pretty, to say the least. I'll get aliases such as
"www.yahoo.com is an alias for fd-fp3.wg1.b.yahoo.com."
and other garbage, so let's clean up the script a little bit.

#!/bin/bash
# Look up every hostname and keep only the lines that carry an IPv4 address
while read -r hostname; do
    host "$hostname" | grep " has address"
done < yahoohost.txt

It is better:
"any-ycpi-uno.aycpi.b.yahoodns.net has address 98.136.145.152"
To clean this up we can use cut, with space as the delimiter, and take the 4th field.

Now we get a list of IPs with many duplicates. For some reason, when I put | sort -u in the script it does not work. If anyone knows how to do this, let me know.

So I just pipe the IPs into yahooip.txt

[root@localhost yahoo]# ./yahooip.sh >yahooip.txt

Then cat it out using | sort -u

[root@localhost yahoo]# cat yahooip.txt | sort -u

That is it: we have enumerated the IPs for the hostnames we got.
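
The cut and sort -u steps described above, combined into one script, as an added example that is not part of the original post. Here sort -u is applied after "done", so it sees the output of every lookup; placed on the host line inside the loop it would only de-duplicate one lookup at a time. The function names and the sample host output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original post's script.

# Keep only the "has address" lines of host(1) output, print the address
# (4th space-separated field), then de-duplicate the whole stream.
unique_ips() {
    grep ' has address ' | cut -d' ' -f4 | sort -u
}

# Resolve every hostname in the file named by $1 (one per line).
# The pipe sits after "done", so unique_ips receives all lookups at once.
resolve_unique() {
    while read -r hostname; do
        if [ -n "$hostname" ]; then
            host "$hostname"
        fi
    done < "$1" | unique_ips
}

# Constructed sample of host(1) output in the format quoted in the post,
# so the filter can be checked without sending any DNS queries.
sample_host_output() {
    cat <<'EOF'
www.yahoo.com is an alias for fd-fp3.wg1.b.yahoo.com.
any-ycpi-uno.aycpi.b.yahoodns.net has address 98.136.145.153
any-ycpi-uno.aycpi.b.yahoodns.net has address 98.136.145.152
any-ycpi-uno.aycpi.b.yahoodns.net has IPv6 address 2001:db8::1
any-ycpi-uno.aycpi.b.yahoodns.net has address 98.136.145.152
EOF
}

if [ -n "${1:-}" ]; then
    resolve_unique "$1"              # e.g. ./yahooip.sh yahoohost.txt
else
    sample_host_output | unique_ips  # no argument: run on the sample
fi
```

Note that sort -u orders the addresses as text, so 216.x sorts before 74.x.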
