Nmap Development mailing list archives

Re: http-enum with virtual hosts


From: Ron <ron () skullsecurity net>
Date: Fri, 1 Jul 2011 12:13:02 -0500

I can confirm it's working as expected by scanning my own host (www.javaop.com):

-----------
GET /cwhp/auditLog.do?file=..............Program%20FilesCSCOpxlibclasspathcomcisco
mcmfdbservice2DBServer.properties HTTP/1.1
Connection: close
User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)
Host: www.javaop.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /cwhp/auditLog.do was not found on this server.</p>
<hr>
<address>Apache Server at x86labs.org Port 80</address>
</body></html>
-----------

I don't have time to play around much, but the problem isn't the virtual host argument - the "host:" is there as expected.

Ron



On Fri, 1 Jul 2011 20:07:22 +0300 Toni Ruottu <toni.ruottu () iki fi> wrote:
Maybe there is some other problem. I am running an instance of
Mediawiki at javascript0.org and I understood http-enum would be able
to detect that. Is this correct? Could you try scanning that host to
see if it works for you?

On Fri, Jul 1, 2011 at 6:08 PM, Ron <ron () skullsecurity net> wrote:
http-enum uses the standard http functions, which use (or used to
use) stdnse.get_hostname(), which *should* use the name supplied on
the commandline (unless something's changed).

I tested with vhosts a long time ago and it worked, so if it
stopped working then there's something wrong.

Ron

On Fri, 1 Jul 2011 17:23:27 +0300 Toni Ruottu <toni.ruottu () iki fi>
wrote:
Is there a way to use http-enum with virtualhosts? I'm running
multiple sites from one IP address, and the content depends on the
dns name. I think http-enum currently ignores the dns name I give
to nmap.

  --Toni
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
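
Added example, not part of the thread or of Nmap: a local name-based virtual-host server that records the Host header of every request, the same kind of check Ron made against his own host to confirm what a client actually sends. The hostnames, function names and response bodies are constructed placeholders.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed vhost table; the hostnames are placeholders, not from the thread.
VHOSTS = {"wiki.example.test": b"wiki site\n", "blog.example.test": b"blog site\n"}
DEFAULT_BODY = b"default site\n"
seen_hosts = []  # raw Host header of every request, in arrival order

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        raw = self.headers.get("Host", "")
        seen_hosts.append(raw)
        name = raw.split(":", 1)[0].lower()  # drop :port; IPv6 literals not handled
        body = VHOSTS.get(name, DEFAULT_BODY)  # unknown names get the default site
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # silence per-request logging; seen_hosts is the record

def fetch(port, host_header, path="/"):
    """GET path from 127.0.0.1:port, presenting host_header as the Host."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.putrequest("GET", path, skip_host=True)  # we set Host ourselves
        conn.putheader("Host", host_header)
        conn.putheader("Connection", "close")
        conn.endheaders()
        return conn.getresponse().read()
    finally:
        conn.close()

def demo():
    """Same IP and port for every request; only the Host header differs."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return {h: fetch(port, h) for h in (*VHOSTS, "127.0.0.1")}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo(), seen_hosts)
```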
