Nmap Development mailing list archives
Re: http-vhosts.nse ready for beta
From: Carlos Pantelides <carlos_pantelides () yahoo com>
Date: Tue, 7 Dec 2010 04:41:05 -0800 (PST)
David:
I had to use the bypass_cache option in http.head, otherwise the first response was getting cached and no later requests were effective.
weird, did not have this problem
I also changed the output to show only the tested name and possibly a redirect.
agree
The first thing I want you to change is that there is way too much output.
collapsed
The other thing I noticed is that the behavior is surprising when a name without a "www" (or other) prefix is used. When scanning insecure.org (with a shortened hostname list): PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-vhosts: | org: 200 | www.org: 200 | docs.org: 200 |_images.org: 200
Now that I think about it, this particular case is probably a side effect of my using host.targetname to guess the domain, but I think the problem stands anyway. A good default behavior would be not to make a name shorter than two components. (This will still have problems with co.uk names for example.) If the user provides a name then you always accept it.
I'll check this. I am not sure, but I think that I've discarded host.targetname in one of my first attempts. I'd rather prefer not to be so smart. There is a a script arg http-vhosts.domain as a last resort.
Make sure you make your changes from the latest copy of the script in Subversion.
sure Carlos Pantelides
Attachment:
http-vhosts.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-vhosts.nse ready for beta Carlos Pantelides (Nov 16)
- Re: http-vhosts.nse ready for beta David Fifield (Nov 29)
- <Possible follow-ups>
- Re: http-vhosts.nse ready for beta Carlos Pantelides (Dec 02)
- Re: http-vhosts.nse ready for beta David Fifield (Dec 05)
- Re: http-vhosts.nse ready for beta Carlos Pantelides (Dec 07)
- Re: http-vhosts.nse ready for beta David Fifield (Dec 07)