mailing list archives
RE: Scan virtual hosts
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Thu, 25 Aug 2005 13:44:30 +1200
From: Geert VAN ACKER [mailto:geert.vanacker () pandora be]
Sent: Thursday, 25 August 2005 2:49 a.m.
To: pen-test () securityfocus com
Subject: Scan virtual hosts
is it possible to enumerate all virtual hosts on a given IP
address ? I
prefer Linux soft.
As virtual hosts are defined just by a Host: header in client's request, I'm
pretty sure that there is no way (please let me know if there is!) to
enumerate virtual hosts from a remote machine.
The only way is to check the actual configuration file of the HTTP daemon,
for which you need local hosts access, of course.
If you know that only certain domain is hosted on a particular physical
machine, and if you can get the DNS zone for that domain, you can check
which hostnames' pointers go to that physical machine.
Bojan Zdrnja, CISSP, RHCE
Security Implementation Specialist
Information Technology Systems and Services (ITSS)
The University of Auckland, New Zealand