From: Walsh, Leo (Leo_Walsh@jeffersonwells.com)
Date: Wed Feb 21 2007 - 10:39:35 EST
It sounds like what you want is a tool to enumerate the virtual web
sites for a particular IP. Such sites are typically configured using
host headers. The host headers (which are part of the HTTP request) are
read by the web server to "map" the request for each site to the
appropriate directory. When a web server is configured for host headers
then requests to the IP typically fail. Only requests for a site by name
(like site.com) are mapped to a directory.
I'm not familiar with a tool that claims to enumerate host headers in
IIS or Apache. I did find a script that will do the job in IIS either
locally or remotely (if you have proper credentials).
http://blogs.msdn.com/david.wang/archive/2005/07/13/HOWTO_Enumerate_IIS_
Website_Configuration.aspx
You might try searches using the phrases "host header" or "virtual
websites" in your search engine of choice.
-Leo Walsh
Jefferson Wells International
816-627-4222 (office)
913-484-8051 (cell)
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Hacker
Sent: Saturday, February 17, 2007 10:58 PM
To: pen-test@securityfocus.com
Subject: Websites Finding
Hi,
I am scanning a number of web server which contains web sites. But I did
not find any web site by giving the IP itself as URL. How to find out
the web sites running under one IP? Is there any tool available for the
same?
Thanks
Raj.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------
-----------------------------------------
******* Internet Email Confidentiality ******* The information
contained in this message may be privileged and confidential and
protected from disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby
notified that it is strictly prohibited (a) to disseminate,
distribute or copy this communication or any of the information
contained in it, or (b) to take any action based on the information
in it. If you have received this communication in error, please
notify us immediately by replying to the message and deleting it
from your computer.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:35 EDT