How and from where websites like this http://www.yougetsignal.com/tools/web-sites-on-web-server/ are getting this information from? How can I develop such tool?
Thank you.
You can use ping -a <ip> or nbtstat -A <ip>
They're just trawling lists of web sites, and recording the resulting IP addresses in a database.
All you're seeing is the reverse mapping of that list. It's not guaranteed to be a full list (indeed more often than not it won't be) because it's impossible to learn every possible web site address.
This worked for me to get domain in intranet
https://gist.github.com/jrothmanshore/2656003
It's a powershell script. Run it in PowerShell
.\ip_lookup.ps1 <ip>
nslookup commandG:\wwwRoot\JavaScript Testing>nslookup 208.97.177.124
Server: phicomm.me
Address: 192.168.2.1
Name: apache2-argon.william-floyd.dreamhost.com
Address: 208.97.177.124
G:\wwwRoot\JavaScript Testing>
http://www.guidingtech.com/2890/find-ip-address-nslookup-command-windows/
if you want get more info, please check the following answer!
https://superuser.com/questions/287577/how-to-find-a-domain-based-on-the-ip-address/1177576#1177576
From about section of Reverse IP Domain Check tool on yougetsignal:
A reverse IP domain check takes a domain name or IP address pointing to a web server and searches for other sites known to be hosted on that same web server. Data is gathered from search engine results, which are not guaranteed to be complete.
Source: Stackoverflow.com