Nytro Posted November 15, 2013 Report Share Posted November 15, 2013 [h=1]Finding all the vhosts[/h]Published 11/11/2013 | By MWEThere are a number of ways to own a webapp. In a shared environment, an attacker can enumerate all the applications accessible and target the weakest one to root the server and with it all the webapps on the box. To try and emulate this approach on a pentest, we have to find ALL THE VHOSTS. [h=2]Key features[/h] This natty python 2 script scrapes a series of web applications (including bing and yougetsignal’s database) and looks at Subject Alternative Names in the SSL certificate to find as many web applications which resolve to an IP address as possible. No guarantees are made as to the completeness or accuracy of the data, but it’s the best we can do. It can give an insight into the attack surface associated with a given IP address, allowing testers to advise client in situations where the risk is out of their control. [h=2]Usage and example[/h]$ python2 allthevhosts.py 213.165.238.226[+] bing search complete[+] myipneighbours Search Complete[E]ipneighbour search error.[+] yougetsignal Search Complete[+] SAN enumeration complete.[+] resolved original addresss...[+] verifying that 8 found URLs resolve to the same address[+] all URLs resolvedwww.portcullis-security.comlabs.portcullis.co.ukwww.portcullis.co.ukctads.netportcullis-forensics.comportcullis-security.comportcullis.co.ukDownload:http://labs.portcullis.co.uk/download/allthevhosts.tar.gzSursa: Finding all the vhosts | Portcullis Labs Quote Link to comment Share on other sites More sharing options...
Silviu Posted November 15, 2013 Report Share Posted November 15, 2013 Foarte interesant. Din ce am vazut in sursa, foloseste si bing ca motor de cautare pentru treaba asta, bing care stiam ca nu mai permite asta. Quote Link to comment Share on other sites More sharing options...
l3tmeb3 Posted November 15, 2013 Report Share Posted November 15, 2013 Este asemanator RitX - Aldeid care isi face treaba f f f bine ! Quote Link to comment Share on other sites More sharing options...
aelius Posted November 15, 2013 Report Share Posted November 15, 2013 Foarte interesant. Din ce am vazut in sursa, foloseste si bing ca motor de cautare pentru treaba asta, bing care stiam ca nu mai permite asta.Ba da, ip:8yz.xyz.xyz.xyq in bing dot com ; Ex: http://www.bing.com/search?q=ip%3A94.152.141.161&go=&qs=n&form=QBRE&filt=all&pq=ip%3A94.152.141.161&sc=0-16&sp=-1&sk= Quote Link to comment Share on other sites More sharing options...
dsp77 Posted November 15, 2013 Report Share Posted November 15, 2013 Buna asta, administrez mai multe domenii cu subdomenii pe o masina cu un singur IP si le-a gasit pe toate.OFF: mi-am schimbat un pic parerea despre bingBa da, ip:8yz.xyz.xyz.xyq in bing dot com ; Ex: ip:94.152.141.161 - Bing Quote Link to comment Share on other sites More sharing options...
l3tmeb3 Posted November 15, 2013 Report Share Posted November 15, 2013 Well , nu cred ca bing este de vina ! Quote Link to comment Share on other sites More sharing options...
l3tmeb3 Posted November 28, 2013 Report Share Posted November 28, 2013 Oare de ce da eroare si l-a lasat asa : " [E]ipneighbour search error. " Quote Link to comment Share on other sites More sharing options...
