Andrés,

Practice makes perfect, but at first sight I suggest looking at the last dot in the example, that won't be on IP addresses. Also, looking at protocols before the IP or hostname might help. E.g. http:// or ftp://...
For http, looking at the expected characters after the IP or hostname may also help, such as / or ; (URL cookies) or ? (get arguments), etc. Perhaps the best option would be to provide as output a more trusted list of IP and hostnames, and an extended list that would potentially include false positives, not to miss anything.

Cheers,
--
Raul Siles

On Thursday, March 17, 2011, Andres Riancho <andres.rian...@gmail.com> wrote:
> Taras,
>
> On Tue, Mar 15, 2011 at 7:14 PM, Taras <ox...@oxdef.info> wrote:
>> Hi, all!
>>
>> What do you think about making some kind of port of host-extract tool
>> described below in w3af? It can be a grep plugin. We already have
>> privateIP grep plugin but it is useful in some cases to extract also
>> hosts/IPs which are different than target (not only private IPs).
>
> Sounds like a good idea if we can reduce the false positives! Any
> techniques you can think of for reducing them?
>
> Regards,
>
>>
>> -------- Forwarded Message --------
>> From: YGN Ethical Hacker Group <li...@yehg.net>
>> To: full-disclosure <full-disclos...@lists.grok.org.uk>,
>> websecur...@webappsec.org
>> Subject: [WEB SECURITY] [new tool announcement] host-extract
>> Date: Mon, 14 Mar 2011 00:46:18 +0800
>>
>> Host-Extract | Host/IP Pattern Extractor
>> ===============================
>>
>> category: /pentest/enumeration/www
>> useful area: blackbox testing
>>
>>
>> This little ruby script tries to extract all IP/Host patterns in page
>> response of a given URL and JavaScript/CSS files of that URL.
>>
>> With it, you can quickly identify internal IPs/Hostnames, development
>> IPs/ports, cdn, load balancers, additional attack entries related to
>> your target that are revealed in inline js, css, html comment areas
>> and js/css files.
>>
>> This is unlike web crawler which looks for new links only in anchor
>> tags (<a) or the like.
>>
>> In some cases, host-extract may give you false positives when there
>> are some words like - main-site_ver_10.2.1.3.swf.
>>
>> With -v option, you can ask the tool to output html view-source
>> snippets for each IP/Domain extracted. This will shorten your manual
>> analysis time.
>>
>> Please go to http://host-extract.googlecode.com/ for more info.
>>
>>
>> Download/Update
>> ==============
>> svn co http://host-extract.googlecode.com/svn/trunk/ host-extract
>>
>>
>> Tutorial Wiki
>> ==========
>>
>> Sebastien Damaye from aldeid.com has prepared a thorough host-extract
>> tutorial with real-world famous web sites.
>>
>> http://aldeid.com/index.php/Host-extract
>>
>>
>>
>> --
>> Taras
>> http://oxdef.info
>> ----
>> "Software is like sex: it's better when it's free." - Linus Torvalds
>>
>> ------------------------------------------------------------------------------
>> Colocation vs. Managed Hosting
>> A question and answer guide to determining the best fit
>> for your organization - today and in the future.
>> http://p.sf.net/sfu/internap-sfd2d
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af

--
Raul Siles - www.raulsiles.com
Founder & Senior Security Analyst
Taddong (www.taddong.com)
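
The false-positive heuristics suggested in this thread (a scheme before the address, `/`, `;` or `?` after it, a further dot after the quad, and a trusted list beside an extended one), written in Python as an added example; it is not code from w3af or host-extract. The function name, the `:` port follower, the 16-character look-back and the sample body are assumptions made for illustration, and only IPv4 candidates are handled.

```python
import re

# Dotted quad that does not start in the middle of a longer number or dotted run.
IPV4 = re.compile(r'(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d)')
SCHEME = re.compile(r'[a-z][a-z0-9+.-]*://\Z', re.I)   # e.g. http:// or ftp://
# Characters expected right after a host in a URL: path, URL cookie, query.
# ':' (port) is an assumption added here, not one of the thread's suggestions.
URL_FOLLOWERS = set('/;?:')

# Constructed sample response body (not real data).
SAMPLE = '''<script src="http://192.168.10.5/js/app.js"></script>
<!-- staging: 10.1.2.3:8080 -->
<embed src="/flash/main-site_ver_10.2.1.3.swf">
var backend = "172.16.0.9";
<a href="http://203.0.113.7/">home</a>
build 999.1.1.1
'''

def classify_ips(body, target_hosts=()):
    """Return (trusted, extended) sorted lists of IPv4 strings found in body."""
    trusted, extended = set(), set()
    for m in IPV4.finditer(body):
        ip = m.group()
        if ip in target_hosts or any(int(o) > 255 for o in ip.split('.')):
            continue  # the target itself, or not a valid address
        before = body[max(0, m.start() - 16):m.start()]
        after = body[m.end():m.end() + 2]
        has_scheme = bool(SCHEME.search(before))
        url_like = after[:1] in URL_FOLLOWERS
        # "10.2.1.3.swf": one more dot and label means a file name or version string.
        trailing_dot = bool(re.match(r'\.\w', after))
        # "ver_10.2.1.3": the quad is glued to a preceding word.
        glued = bool(re.search(r'[\w-]\Z', before))
        if (has_scheme or url_like) and not (trailing_dot or glued):
            trusted.add(ip)
        else:
            extended.add(ip)  # kept so nothing is missed, but needs review
    extended -= trusted  # one strong context is enough to promote an address
    return sorted(trusted), sorted(extended)

if __name__ == '__main__':
    trusted, extended = classify_ips(SAMPLE, target_hosts={'203.0.113.7'})
    print('trusted :', trusted)
    print('extended:', extended)
```

A quoted bare address such as `"172.16.0.9"` lands in the extended list because nothing around it confirms it is a host reference; the extended list is the one to review by hand.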