Nmap Development mailing list archives
Re: script for virtual host discovery
From: Carlos Pantelides <carlos_pantelides () yahoo com>
Date: Fri, 29 Oct 2010 09:18:53 -0700 (PDT)
Thank you, David.

What does the script do? It makes calls against a web server, changing the HTTP Host: header and watching the response codes.

Usage:

nmap localhost --script http-vhosts --script-args \
  'domain=mydomain.com,names={www}'

This will scan the target on ports recognized as serving http or https.

PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
|_http-vhosts: http-vhosts: http(80)://localhost(127.0.0.1)/ www.mydomain.com: 200
631/tcp  open  ipp
3306/tcp open  mysql
5432/tcp open  postgresql

There are a few options:

ignore_system_names=1 : don't load names from nselib/data/hostnames.lst
names_file=file.txt   : load names from file.txt

-------------------------

At this stage, it is better to provide the domain.

In order to test the script fast, I recommend reducing the ports and ignoring system names:

nmap -p 80 localhost --script http-vhosts --script-args 'domain=mydomain.com,names={http,jira},ignore_system_names=1'

PORT   STATE SERVICE
80/tcp open  http
| http-vhosts: http-vhosts: http(80)://localhost(127.0.0.1)/ http.mydomain.com: 200
|_http-vhosts: http(80)://localhost(127.0.0.1)/ jira.mydomain.com: 200

-------------------------

To test without installing, start with:

nmap -p 80 --script ./http-vhosts.nse localhost --script-args 'domain=mydomain.com,names_file=hostnames.lst'

-------------------------

Remember that it is my first contact with Lua and with Nmap scripting, so please have no mercy. I have documented the missing parts in the script with @todos; any feedback will be greatly appreciated.

Thank you, "Jacky Jack", for your hint about the Metasploit equivalent plugin. I will share host names with them.

Carlos Pantelides
Attachment: http-vhosts.nse
Attachment: hostnames.lst
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
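Added example, not part of the original post or of the http-vhosts script: what the name sweep described above looks like from the web server's side, and one way to flag it in an access log. The log layout (Host header logged as the second field), the configured vhost set, the thresholds and all sample lines are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines. Assumed layout: client, logged Host header,
# [epoch seconds], "request line", status.
SAMPLE_LOG = """\
192.0.2.10 www.mydomain.com [1288369133] "GET / HTTP/1.1" 200
192.0.2.10 http.mydomain.com [1288369133] "GET / HTTP/1.1" 200
192.0.2.10 jira.mydomain.com [1288369134] "GET / HTTP/1.1" 200
192.0.2.10 mail.mydomain.com [1288369134] "GET / HTTP/1.1" 200
192.0.2.10 dev.mydomain.com [1288369135] "GET / HTTP/1.1" 200
198.51.100.7 www.mydomain.com [1288369100] "GET / HTTP/1.1" 200
198.51.100.7 www.mydomain.com [1288369130] "GET /about HTTP/1.1" 200
198.51.100.7 jira.mydomain.com [1288369190] "GET / HTTP/1.1" 200
""".splitlines()

CONFIGURED_VHOSTS = {"www.mydomain.com", "jira.mydomain.com"}  # assumption
LINE = re.compile(r'^(\S+) (\S+) \[(\d+)\] "\S+ (\S+) [^"]*" \d{3}$')

def parse(lines):
    """Yield (client, host, epoch, path) for each well-formed line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            client, host, ts, path = m.groups()
            yield client, host.lower(), int(ts), path

def find_host_sweeps(lines, window=60, min_hosts=5):
    """Report clients that sent at least min_hosts distinct Host values for
    one path within `window` seconds, the trace a name sweep leaves."""
    events = defaultdict(list)  # (client, path) -> [(epoch, host)]
    for client, host, ts, path in parse(lines):
        events[(client, path)].append((ts, host))
    widest = {}  # client -> largest set of hosts seen in any one window
    for (client, _path), seq in events.items():
        seq.sort()
        start = 0
        for end, (ts, _host) in enumerate(seq):
            while ts - seq[start][0] > window:
                start += 1
            hosts = {h for _, h in seq[start:end + 1]}
            if len(hosts) >= min_hosts and len(hosts) > len(widest.get(client, ())):
                widest[client] = hosts
    return {client: {"distinct_hosts": len(hosts),
                     "unconfigured": sorted(hosts - CONFIGURED_VHOSTS)}
            for client, hosts in widest.items()}

if __name__ == "__main__":
    print(find_host_sweeps(SAMPLE_LOG))
```

Every sample request returns 200, as in the output quoted in the message, so the status code alone does not separate the sweep from normal traffic; the count of distinct Host values per client does.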