Jump to content
Nytro

Finding all the vhosts

By Nytro, in Programe utile

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[h=1]Finding all the vhosts[/h]

Published 11/11/2013 | By MWE

There are a number of ways to own a webapp. In a shared environment, an attacker can enumerate all the applications accessible and target the weakest one to root the server and with it all the webapps on the box. To try and emulate this approach on a pentest, we have to find ALL THE VHOSTS.

[h=2]Key features[/h] This natty python 2 script scrapes a series of web applications (including bing and yougetsignal’s database) and looks at Subject Alternative Names in the SSL certificate to find as many web applications which resolve to an IP address as possible. No guarantees are made as to the completeness or accuracy of the data, but it’s the best we can do. It can give an insight into the attack surface associated with a given IP address, allowing testers to advise client in situations where the risk is out of their control.

[h=2]Usage and example[/h]

$ python2 allthevhosts.py 213.165.238.226
[+] bing search complete
[+] myipneighbours Search Complete
[E]ipneighbour search error.
[+] yougetsignal Search Complete
[+] SAN enumeration complete.
[+] resolved original addresss...
[+] verifying that 8 found URLs resolve to the same address
[+] all URLs resolved

www.portcullis-security.com
labs.portcullis.co.uk
www.portcullis.co.uk
ctads.net
portcullis-forensics.com
portcullis-security.com
portcullis.co.uk

Download:

http://labs.portcullis.co.uk/download/allthevhosts.tar.gz

Sursa: Finding all the vhosts | Portcullis Labs

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...