Re: http-vhosts.nse ready for beta

[Carlos Pantelides <carlos_pantelides () yahoo com>]

David:


> I had to use the  bypass_cache option in http.head, otherwise the first
> response was
> getting cached and no later requests were effective.

weird, did not have this problem

> I also changed the  output to show only the tested name and possibly a
> redirect. 

agree

 
> The first thing I want you to change is that there is way
> too much
> output.

collapsed

> The other thing I noticed is that the behavior is
> surprising when a name
> without a "www" (or other) prefix is used. When scanning
> insecure.org
> (with a shortened hostname list):
>
> PORT   STATE SERVICE REASON
> 80/tcp open  http    syn-ack
> | http-vhosts:
> | org: 200
> | www.org: 200
> | docs.org: 200
> |_images.org: 200

> Now that I think about it, this particular case is probably
> a side
> effect of my using host.targetname to guess the domain, but
> I think the
> problem stands anyway. A good default behavior would be not
> to make a
> name shorter than two components. (This will still have
> problems with
> co.uk names for example.) If the user provides a name then
> you always
> accept it.

I'll check this. I am not sure, but I think that I've discarded host.targetname in one of my first attempts. I'd rather 
prefer not to be so smart. There is a a script arg http-vhosts.domain as a last resort. 


> Make sure you make your changes from the latest copy of the
> script in  Subversion.

sure


Carlos Pantelides

Attachment: http-vhosts.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/