Thursday, October 27, 2005
discovering unknown vhosts
quick and straight to the point.. here are some methods I use to discover "unknown" virtual hosts hosted beside the target domain.
1) whois.sc's reverse ip lookup service
2) searchmee's ip-hunt
3) google.com + netcraft
there are tools out there that uses several different techniques (usually netcraft+google+other search engines) to find such information. ¶ 10/27/2005 06:30:00 AM
1) whois.sc's reverse ip lookup service
this site actually offers a pretty cool tool in reversing vhosts on specific IP addresses. it offers to show the first three hosts listed for the target IP, and if you would like a more complete list then you'd have to pay ofcourse. the reason I use this service a lot is because it's actually pretty occurate. I've been able to bump into several vulnerable sites hosted on target boxes.
2) searchmee's ip-hunt
searchmee.com actually has a pretty cool tool that actually is able to show you some interesting results. it's able to show you virtual hosts that that have been found by it's search spider residing on a target IP (or range). it's results are all based on cache.
3) google.com + netcraft
a) google can be useful in virtual host enumeration by searching the engine with the target's ip address.
b) netcraft is as easy as you can get when determining possible virtual hosts to a target domain by using special queries into its little search textbox. read up its syntax from the site itself.
there are tools out there that uses several different techniques (usually netcraft+google+other search engines) to find such information. ¶ 10/27/2005 06:30:00 AM