Nmap Development mailing list archives
Re: [NSE] How to get hostname?
From: Fyodor <fyodor () insecure org>
Date: Mon, 4 Jun 2007 21:08:20 -0700
On Mon, Jun 04, 2007 at 02:50:19PM +0200, rin_tin_tin () centrum cz wrote:
> I've created a small NSE script for testing SQL injection. It needs to send correct Host headers in HTTP requests (the same hostname as in the targets list [which is parsed from Google]), but I have no idea how to do it. I tried to use host.name, but in almost all cases it's different from the scanned hostname. Is there any way to get it? (If the site returns HTTP 302 to me, I can get it from the Location header, but it is not a good solution ;]])
>
> example: nmap www.nmap.org -> host.ip = '205.217.153.53' and host.name = 'www.insecure.org'
>
> Thus, is there some function in NSE to get www.nmap.org? not www.insecure.org ...

Hi Mike. I don't think Nmap has a way to get that information right now. And plus the name put in by the user (if any -- putting in IPs and networks is probably at least as common as names) isn't necessarily any more likely to be the web server's official hostname than the name obtained from reverse DNS.

Your 302 approach actually sounds like a promising idea. If you find the best name, you could save it in the registry for other scripts. Also, we're looking at command line options for specifying variables like this. So your script could first check if a ServerName variable was set, and use that if it was. Otherwise, it could fall back to Nmap's host.name.

Thanks for your feedback!

Cheers,
-F
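
The fallback order suggested in the reply above, as an added example that is not part of the original thread or of Nmap's own code. It is plain Lua that runs outside Nmap: the `args` and `registry` tables stand in for script arguments and the NSE registry, the function names are hypothetical, and the final fallback to the IP address is an addition.

```lua
-- Added example: plain Lua, runnable outside Nmap. `args` and `registry` are
-- ordinary tables standing in for script arguments and the NSE registry;
-- "ServerName" is the hypothetical variable name used in the reply.

-- Extract the host part of an absolute Location URL; nil for relative ones.
local function host_from_location(location)
  if type(location) ~= "string" then return nil end
  local authority = location:match("^[Hh][Tt][Tt][Pp][Ss]?://([^/?#]+)")
  if not authority then return nil end           -- relative redirect: no hostname
  authority = authority:gsub("^.*@", "")         -- drop any userinfo
  local name = authority:match("^(%[[^%]]+%])")  -- bracketed IPv6 literal
            or authority:match("^([^:]+)")       -- name or IPv4, port stripped
  return name and name:lower() or nil
end

-- Pick the Host header value: explicit variable, cached name, 302 redirect,
-- reverse DNS name, then (an assumption added here) the bare IP address.
local function pick_server_name(host, args, registry, response)
  local key = host.ip
  if args.ServerName then return args.ServerName, "argument" end
  if registry[key] then return registry[key], "registry" end
  if response and response.status == 302 then
    local name = host_from_location(response.header["location"])
    if name then
      registry[key] = name                       -- cache for other scripts
      return name, "redirect"
    end
  end
  if host.name and host.name ~= "" then return host.name, "reverse DNS" end
  return host.ip, "ip"
end

-- Constructed sample data using the names from the question.
local host = { ip = "205.217.153.53", name = "www.insecure.org" }
local registry = {}
local redirect = { status = 302,
                   header = { location = "http://www.nmap.org:80/index.html" } }

print(pick_server_name(host, {}, registry, nil))       -- no hint yet
print(pick_server_name(host, {}, registry, redirect))  -- learns name from 302
print(pick_server_name(host, {}, registry, nil))       -- served from the cache
print(pick_server_name(host, { ServerName = "nmap.org" }, registry, nil))
```

A relative `Location` value carries no hostname, so the function returns nil for it and the selection falls through to the reverse DNS name.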