Nmap Development mailing list archives
Re: http-vhosts.nse ready for beta
From: David Fifield <david () bamsoftware com>
Date: Tue, 7 Dec 2010 16:59:26 -0800
On Tue, Dec 07, 2010 at 04:41:05AM -0800, Carlos Pantelides wrote:
> David:
>
> > I had to use the bypass_cache option in http.head, otherwise the first response was getting cached and no later requests were effective.
>
> weird, did not have this problem
>
> > I also changed the output to show only the tested name and possibly a redirect.
>
> agree
>
> > The first thing I want you to change is that there is way too much output.
>
> collapsed

Thanks, it's applied.

> > The other thing I noticed is that the behavior is surprising when a name without a "www" (or other) prefix is used. When scanning insecure.org (with a shortened hostname list):
> >
> > PORT   STATE SERVICE REASON
> > 80/tcp open  http    syn-ack
> > | http-vhosts:
> > | org: 200
> > | www.org: 200
> > | docs.org: 200
> > |_images.org: 200
> >
> > Now that I think about it, this particular case is probably a side effect of my using host.targetname to guess the domain, but I think the problem stands anyway. A good default behavior would be not to make a name shorter than two components. (This will still have problems with co.uk names for example.) If the user provides a name then you always accept it.
>
> I'll check this. I am not sure, but I think that I've discarded host.targetname in one of my first attempts. I'd rather prefer not to be so smart. There is a script arg http-vhosts.domain as a last resort.

I think it's important to start with host.targetname, as that is the name the user typed in. The reverse DNS name host.name might be related, but might not. To use the mongodb.org example again, the reverse DNS of www.mongodb.org is ec2-75-101-156-249.compute-1.amazonaws.com. It would be surprising if the script started testing bugzilla.compute-1.amazonaws.com etc.

When http.lua makes requests, it uses the same logic in defining the Host header (when it's not overridden as it is in your script). First host.targetname, then host.name, then the IP address if all else fails.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
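
The name selection and the two-component rule discussed in this message, as an added Lua example that is not part of the original post and is not code from http-vhosts.nse or http.lua. The helper names (base_name, guess_domain, candidates) are hypothetical and the host tables are constructed; only the host.targetname, host.name and IP fallback order and the "never shorter than two components" rule come from the message.

```lua
-- Added illustration; not code from http-vhosts.nse or http.lua.
-- base_name, guess_domain and candidates are hypothetical helper names.

-- Starting name, in the order the message gives: the name the user typed,
-- then the reverse DNS name, then the IP address.
local function base_name(host)
  if host.targetname and host.targetname ~= "" then return host.targetname end
  if host.name and host.name ~= "" then return host.name end
  return host.ip
end

-- Domain that prefixes get attached to. A user-supplied domain is always
-- accepted. Otherwise the leftmost label is dropped only when at least two
-- components remain. Returns nil when only an IP or a single label is known.
local function guess_domain(host, user_domain)
  if user_domain then return user_domain end
  local name = base_name(host):gsub("%.$", "")  -- tolerate a trailing dot
  if name:match("^[%d%.]+$") or name:find(":", 1, true) then return nil end
  local labels = {}
  for label in name:gmatch("[^%.]+") do labels[#labels + 1] = label end
  if #labels < 2 then return nil end
  if #labels == 2 then return name end
  return table.concat(labels, ".", 2)
end

-- Names to send in the Host header for a list of prefixes.
local function candidates(domain, prefixes)
  local out = {}
  for _, prefix in ipairs(prefixes) do out[#out + 1] = prefix .. "." .. domain end
  return out
end

-- Constructed host tables (192.0.2.0/24 is documentation address space).
local samples = {
  { targetname = "insecure.org", ip = "192.0.2.10" },
  { targetname = "www.mongodb.org",
    name = "ec2-75-101-156-249.compute-1.amazonaws.com", ip = "192.0.2.11" },
  { name = "example.co.uk", ip = "192.0.2.12" },  -- shows the co.uk caveat
  { ip = "192.0.2.13" },
}
for _, host in ipairs(samples) do
  local domain = guess_domain(host)
  if domain then
    print(base_name(host), table.concat(candidates(domain, { "www", "docs" }), " "))
  else
    print(base_name(host), "no domain guessed; pass http-vhosts.domain")
  end
end
```

The example.co.uk entry is included to show the limitation the message mentions: a purely label-counting rule still treats co.uk as a usable domain.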