Metasploit mailing list archives
Re: scanner/http/vhost_scanner | Misleading name
From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Thu, 25 Mar 2010 04:22:58 +0800
Thanks, it does. GET / HTTP/1.1 Host: VIMCo.test.net Content-Type: text/plain Content-Length: 0 Please commit the svn with FILE option. Thanks again. On Thu, Mar 25, 2010 at 4:09 AM, <egypt () metasploit com> wrote:
Read the code. What you describe is exactly what it currently does. -egypt On Wed, Mar 24, 2010 at 2:01 PM, Jacky Jack <jacksonsmth698 () gmail com> wrote:As said above, it uses DNS queries to find vhost. Maybe vhost can be modified to adapt to my suggested idea. On Thu, Mar 25, 2010 at 3:57 AM, <egypt () metasploit com> wrote:What do you think vhosts_scanner does? -egypt On Wed, Mar 24, 2010 at 1:55 PM, Jacky Jack <jacksonsmth698 () gmail com> wrote:Nope, I'm thinking of actual virtual host digger which doesn't concern with dns instead it deals with only the target. For example, the target is a web server which has many virtual hosts defined. I need a module that automates: GET / HTTP/1.1 Host: {Common_VIRTUAL_HOSTS} Connection: close hosts will be: - intranet.company.com - test.company.com - www1.company.com The digger will compare the result between the page content hash of with host header and without host header. These names haven't been defined in DNS server till the production stage. If you think it sounds logical, someone will come up to code this new module. On Thu, Mar 25, 2010 at 3:46 AM, Jonathan Cran <jcran () 0x0e org> wrote:On Wed, Mar 24, 2010 at 3:27 PM, Jonathan Cran <jcran () 0x0e org> wrote:scanner/http/vhost_scanner should be scanner/http/subdomain_scanner as it digs for subdomains.nope, it's doing queries against each host for :80 and comparing that with a known value. not the same as a subdomain scanner, which is just going to query for a dns record.if you're looking for dns subdomain scanning, take a look at gather/dns_enum jcran_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- scanner/http/vhost_scanner | Misleading name Jacky Jack (Mar 24)
- Re: scanner/http/vhost_scanner | Misleading name Jonathan Cran (Mar 24)
- Re: scanner/http/vhost_scanner | Misleading name Jonathan Cran (Mar 24)
- Re: scanner/http/vhost_scanner | Misleading name Jacky Jack (Mar 24)
- Re: scanner/http/vhost_scanner | Misleading name egypt (Mar 24)
- Message not available
- Message not available
- Re: scanner/http/vhost_scanner | Misleading name Jacky Jack (Mar 24)
- Re: scanner/http/vhost_scanner | Misleading name HD Moore (Mar 24)
- Re: scanner/http/vhost_scanner | Misleading name Jonathan Cran (Mar 24)
- Re: scanner/http/vhost_scanner | Misleading name Jonathan Cran (Mar 24)