I agree completely, vhost support is rather tricky to do automatically. You can't really enumerate vhost'ed domains, and even if you could, you couldn't force all the cgi checks to run against each one using different values with the current code.

It would be pretty simple to write a patch and vhost_settings.inc plugin to allow this: just have the vhosts_settings.inc write to a KB entry and have the http_* functions check for this before defaulting to the FQDN. I was playing with some vhost brute forcer code that uses a huge list of common vhost names; it would require the same vhost plugin and patch to integrate it though. There are a surprising amount of servers out there that trust a "127.0.0.1" or "localhost" Host header...

-HD

On Monday 28 October 2002 11:39 pm, Thomas Reinke wrote:
> Ok...I see where I was brain-dead. But - doesn't this mean
> there's a rather deficiency in the fact that the
> various CGI abuse scripts will in the vast majority of cases
> NOT use the correct Host: parameter in the HTTP protocol
> (when they even try to use that in the first place)?
> This is based on the observation that the majority of
> web servers out there do not rDNS resolve back to the
> host name needed to properly retrieve web pages.
>
> I'd suggest that the host name to be used can default
> to the gethostbyaddr value, but it should be allowed
> to be a SETTINGS parameter that can be configured during
> configuration of a scan run...
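
The lookup order discussed in this thread (a configured vhost setting first, then the gethostbyaddr value), sketched in Python as an added example that is not part of the original messages and is not Nessus code. The KB key name, the function names and the sample hosts are assumptions; it covers plain HTTP to an IPv4 target and only builds the request, it does not send it.

```python
import re
import socket

# Hypothetical KB key; the thread only says "a KB entry".
VHOST_KEY = "Settings/http/vhost"

# RFC 1123-style hostname: dot-separated labels of letters, digits, hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def reverse_dns(ip):
    """Default resolver: the gethostbyaddr value, or None without a PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def host_header(kb, ip, port=80, resolver=reverse_dns):
    """Pick the Host value: configured vhost, else reverse DNS, else the IP."""
    name = kb.get(VHOST_KEY) or resolver(ip) or ip
    # The value comes from scan settings or DNS, so reject anything that
    # could carry CR/LF or spaces into the request headers.
    if len(name) > 253 or not _HOSTNAME.fullmatch(name):
        raise ValueError(f"unusable Host value: {name!r}")
    return name if port == 80 else f"{name}:{port}"


def http_get(kb, ip, path, port=80, resolver=reverse_dns):
    """Build (not send) the request a check would issue for this target."""
    host = host_header(kb, ip, port, resolver)
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"


if __name__ == "__main__":
    # Constructed sample: a shared-hosting IP whose PTR is a generic name.
    ptr = lambda ip: "web17.hosting.example"
    kb = {VHOST_KEY: "shop.example.com"}
    print(http_get({}, "192.0.2.10", "/cgi-bin/test.cgi", resolver=ptr))
    print(http_get(kb, "192.0.2.10", "/cgi-bin/test.cgi", resolver=ptr))
```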
