Friday, November 22, 2013

Scanning for Google's internal corporate subdomains

For some reason Gmail appears to use an internal DNS server. This makes it possible to verify the existence of Google's internal corporate domain names and even to resolve their IP addresses. For example, if you send an e-mail to test@root.corp.google.com you will receive an error response:

So apparently there's a server located at root.corp.google.com and its IP address is 172.16.115.10.
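
From the defender's side, the same leak can be caught by scanning outbound bounce text for private addresses and internal hostnames before it leaves the mail system. The check below is an added example, not code from the original post; the sample bounce text, the `corp.example.com` suffix and the function names are constructed for illustration and do not reproduce Gmail's actual error format.

```python
import ipaddress
import re

# Candidate IPv4 literals and bracketed IPv6 literals as they appear in SMTP error text.
_V4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
_V6 = re.compile(r"\[([0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*)\]")

# Constructed sample: two internal hosts (one reported as IPv4-mapped IPv6) and one public host.
SAMPLE_BOUNCE = (
    "Delivery to the following recipient failed permanently:\n"
    "    test@build.corp.example.com\n"
    "The recipient server did not accept our requests to connect. "
    "[build.corp.example.com. (10): 172.16.0.10] "
    "[files.corp.example.com. (20): [::ffff:172.16.0.48]] "
    "[mx.example.net. (30): 8.8.8.8]\n"
)


def _internal(text):
    """Return the normalised address if `text` is a non-public IP, else None."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is classified as the IPv4 it carries.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return str(ip) if (ip.is_private or ip.is_loopback or ip.is_link_local) else None


def find_leaks(bounce_text, internal_suffixes):
    """Return (sorted internal IPs, sorted internal hostnames) disclosed in a bounce."""
    candidates = [m.group(1) for m in _V6.finditer(bounce_text)]
    candidates += [m.group(0) for m in _V4.finditer(bounce_text)]
    ips = {_internal(c) for c in candidates} - {None}
    hosts = set()
    for suffix in internal_suffixes:
        # At least one label in front of the suffix, and no further label after it.
        pat = re.compile(
            r"(?<![\w.-])((?:[a-z0-9-]+\.)+" + re.escape(suffix) + r")(?!\.?[\w-])", re.I)
        hosts.update(h.lower() for h in pat.findall(bounce_text))
    return sorted(ips), sorted(hosts)


if __name__ == "__main__":
    print(find_leaks(SAMPLE_BOUNCE, ["corp.example.com"]))
```

A mail gateway or log pipeline can run such a check on generated non-delivery reports and strip or generalise the technical details when it returns anything.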
Here's a list of some of these domain names (of course it's not comprehensive).
Some companies:

Google's corporate structure:
marketing.corp.google.com 172.18.77.12

And a lot of other words: