Xavier's Security Post
Thursday, October 27, 2005
  discovering unknown vhosts
quick and straight to the point.. here are some methods I use to discover "unknown" virtual hosts hosted beside the target domain.

1) whois.sc's reverse ip lookup service

this site offers a pretty cool tool for reversing vhosts on specific IP addresses. it shows the first three hosts listed for the target IP, and if you would like a more complete list then you'd have to pay, of course. the reason I use this service a lot is because it's actually pretty accurate. I've been able to bump into several vulnerable sites hosted on target boxes.

2) searchmee's ip-hunt

searchmee.com has a pretty cool tool that is able to show you some interesting results. it shows you virtual hosts that its search spider has found residing on a target IP (or range). its results are all based on cache.

3) google.com + netcraft

a) google can be useful in virtual host enumeration by searching the engine with the target's ip address.

b) netcraft is about as easy as it gets for determining possible virtual hosts of a target domain: you put special queries into its little search textbox. read up on the syntax on the site itself.

there are tools out there that use several different techniques (usually netcraft+google+other search engines) to find such information.

This public blog will be a place for me to output any Security findings, both technological and physical, that I have come about. I will post Security advisories I was a part of, and also other interesting bits of knowledge. email: xavier [at] tigerteam.se
