Penetration Testing mailing list archives
RE: Websites Finding
From: "Walsh, Leo" <Leo_Walsh () jeffersonwells com>
Date: Wed, 21 Feb 2007 09:39:35 -0600
It sounds like what you want is a tool to enumerate the virtual web sites for a particular IP. Such sites are typically configured using host headers. The host headers (which are part of the HTTP request) are read by the web server to "map" the request for each site to the appropriate directory. When a web server is configured for host headers then requests to the IP typically fail. Only requests for a site by name (like site.com) are mapped to a directory. I'm not familiar with a tool that claims to enumerate host headers in IIS or Apache. I did find a script that will do the job in IIS either locally or remotely (if you have proper credentials). http://blogs.msdn.com/david.wang/archive/2005/07/13/HOWTO_Enumerate_IIS_ Website_Configuration.aspx You might try searches using the phrases "host header" or "virtual websites" in your search engine of choice. -Leo Walsh Jefferson Wells International 816-627-4222 (office) 913-484-8051 (cell) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Hacker Sent: Saturday, February 17, 2007 10:58 PM To: pen-test () securityfocus com Subject: Websites Finding Hi, I am scanning a number of web server which contains web sites. But I did not find any web site by giving the IP itself as URL. How to find out the web sites running under one IP? Is there any tool available for the same? Thanks Raj. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016 00000008bOW ------------------------------------------------------------------------ ----------------------------------------- ******* Internet Email Confidentiality ******* The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that it is strictly prohibited (a) to disseminate, distribute or copy this communication or any of the information contained in it, or (b) to take any action based on the information in it. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Websites Finding Hacker (Feb 20)
- RE: Websites Finding Isidro Ramón Labrador Rodríguez (Feb 21)
- Re: Websites Finding Chris Hajer (Feb 21)
- Re: Websites Finding Patrick van Zweden (Feb 21)
- Re: Websites Finding Hacker (Feb 21)
- Re: Websites Finding crazy frog crazy frog (Feb 23)
- Re: Websites Finding Hacker (Feb 21)
- Re: Websites Finding Jürgen R. Plasser (Feb 21)
- Re: Websites Finding Bojan Zdrnja (Feb 21)
- Re: Websites Finding Michael Painter (Feb 23)
- Re: Websites Finding Aman Raheja (Feb 26)
- <Possible follow-ups>
- RE: Websites Finding Walsh, Leo (Feb 21)
- Re: Websites Finding ankur jindal (Feb 23)