Official Maltego Documentation » Transform Guide » PATERVA CTAS » To Domain [Sharing this NS] << (IPAddress)

To Domain [Sharing this NS]


Transform Meta Info

Display Name To Domain [Sharing this NS]
Transform Name IPAddressToDomain_SharedNS
Short Description This transform returned shared domains on a NS record using historical/passive DNS
Owner Paterva
Author Roelof Temmingh (roelof@paterva.com)
Input IPAddress
Output Domain, Netblock

 

Description

This transform queries two historical DNS providers to determine if this IP address is also used by other domains as an NS record.

This type of reverse NS lookup cannot be performed using standard DNS queries and is very useful to find other domains associated with the IP number.

In most cases one would work from the actual DNS name of the NS record, but if you only have the IP address available there is no standard way of knowing if the IP address is an NS for a domain or not. This transform gives you the ability to do this. Unlike the reverse MX lookup the reverse NS lookup does not always imply that the domains found have a close relationship with the IP address as many companies and organizations outsource their DNS service.

Typical Use Case

Domain --> DNS Server --> IP Address ==> Related Domains

==> To Domain [Sharing this NS]
--> Related Transform

Example

Starting with the domain "google.com" we can get their nameservers. We can then resolve the nameservers to IP addreses. Using "To Domain [Sharing this NS]" we get other domains sharing the same NS record. This returns a long list of domains, which can be edited down to a list of domains owned/operated by Google and it's services.

Image 023.png

Continue to the To Wikipedia Edits << (maltego.Alias) page.


Official Maltego Documentation
-»
Transform Guide
-»
PATERVA CTAS
-»
To Domain [Sharing this NS] << (IPAddress)

© Copyright 2017, Paterva PTY Limited