http-vhosts
脚本使用类型:
portrule
脚本所属分类:
discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-vhosts.nse
Searches for web virtual hostnames by making a large number of HEAD requests against http servers using common hostnames.
Each HEAD request provides a different
Host
header. The hostnames come from a built-in default
list. Shows the names that return a document. Also shows the location of
redirections.
The domain can be given as the http-vhosts.domain
argument or
deduced from the target's name. For example when scanning www.example.com,
various names of the form <name>.example.com are tried.
file with the vhosts to try. Default nselib/data/vhosts-default.lst
The limit to start collapsing results by status code. Default 20
The path to try to retrieve. Default /
.
The domain that hostnames will be prepended to, for
example example.com
yields www.example.com, www2.example.com,
etc. If not provided, a guess is made based on the hostname.
执行格式
nmap --script http-vhosts -p 80,8080,443 <target>
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-vhosts: | example.com: 301 -> http://www.example.com/ | www.example.com: 200 | docs.example.com: 302 -> https://www.example.com/docs/ |_images.example.com: 200
Author: Carlos Pantelides
License: VER007 整理 http://www.ver007.com
Script action