Posts Tagged hostmap

You either love or hate Sun Tzu Quotes but, when they apply i’m inclined to use them

“It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle”

And so it is also with some web servers! Do you manage your own hosting? Or, like the million others out there, do you share one mega-server hosting hundreds of other sites as well?

Part of the recon stage of pentesting is checking for shared hosting. If there are other sites on your same server, your security is only as strong as their security. Web applications they deploy may not be as well thought out, secure, or even documented.

Long have I searched for ways to enumerate these virtual hosts, but each avenue was a semi-manual process. Now I have settled on a stellar tool by Alessandro `jekil` Tanasi called Hostmap. It uses a plethora of dns and scraping tricks to accomplish this task for us. Check out the documentation =)

Read the rest of this entry »