WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Enumerate Web Virtual Site

From: pagvac <unknown.pentester () gmail com>
Date: Sat, 18 Nov 2006 23:57:42 +0000
This topic was covered with detail in the paper "Exegesis of Virtual
Hosts Hacking":

http://www.infosecwriters.com/text_resources/pdf/exegesis.pdf

After reading it you should have a pretty good idea on how to find
different virtual sites hosted behind the same IP address.

On 9/2/06, thomas springer <tuevsec () gmx net> wrote:

There is no way to enumerate all virtual hosts relyable and complete
(unless you have access to the webserver-config).

A good guess is the already mentioned ip-search from msn.
There are also a handful of databases on the net that know about
ip-numbers and hostnames. The best known might be http://dnstools.com
(formerly whois.sc), another option is http://webhosting.info.

Both databases focus on .com/.net/.org - domains. If you are interested
in a broader tld-range you might also try http://www.tomdns.net - the
site is currently in heavy beta. tomdns does some active researching
after you start a query - so you might get more results when you repeat
your search a few minutes later.

tom


Roger Liu wrote:
> Dear all,
> I'm testing the security of a computer which is used for a web site, but
> I just get an IP address. Now I need to know how many virtual sites
> running on this computer. How do I enumerate all the virtual site? Any
> good idea/tools to do this ?
> Thanks
>
>
>





--
pagvac
[http://ikwt.com/]

-------------------------------------------------------------------------
Sponsored by: Watchfire
Today's hackers exploit web applications to expose, embarrass and even steal. Firewalls and SSL may be commonplace but recent studies indicate 3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing Challenges in Application Security" whitepaper, explains what to do and provides a guideline to improving your own application security. Download this whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: