vhost mode #247

Closed
s0i37 opened this issue Oct 23, 2020 · 4 comments
@s0i37

s0i37 commented Oct 23, 2020

Hello.
It seems to me that there is no need to concatenate subdomains and the URL.
gobuster vhost -w subdomains.txt -u http://site.company.org/
It concatenates each subdomain with site.company.org = subdomain.site.company.org, whereas I expected subdomain.company.org.
Actually, it may be useful only in one case, when I need to discover subdomains of the main domain:
gobuster vhost -w subdomains.txt -u http://company.org/
But very often web servers may serve many sites (subdomains) from various domains, like subdomain.company.org or subdomain.old-company.org.
Also, I can't use it if the site has no active domain and has just an IP:
gobuster vhost -w subdomains.txt -u http://1.2.3.4/
The result will be subdomain.1.2.3.4, which is garbage.
However, this web server could also contain old sites whose names may be obtained from passive DNS.

I think that gobuster vhost doesn't need to concatenate sub + domain.com. Each entry from subdomains.txt must be inserted into the Host header without any concatenation, like an FQDN.

Thank you.

@firefart
Collaborator

This mode is used to find certain vhosts on a domain so this is intended. Also, if you supply an IP address instead of a hostname how should that work?

@s0i37
Author

s0i37 commented Oct 26, 2020

OK, I would propose 3 examples from real life.
Example 1. Server 1.2.3.4 with domain name files.company.org has the following virtual hosts:

  • storage.company.org
  • p2p.company.org
  • foo.company.org
  • bar.company.org

If I run gobuster vhost -u http://files.company.org -w domains.txt I will have:

  • storage.files.company.org
  • p2p.files.company.org
  • foo.files.company.org
  • bar.files.company.org

Example 2. Server 5.6.7.8 does not have any domain names at all. But with passive DNS I can obtain old domains which could probably still be served on this server. Again I run gobuster vhost -u http://5.6.7.8 -w domains.txt:

  • storage.5.6.7.8
  • p2p.5.6.7.8
  • foo.5.6.7.8
  • bar.5.6.7.8

Example 3. Server company.org has the following vhosts:

Yes, I can find www.company.org but not old-company.org and oldold-company.org.
How can I find all these vhosts from all these examples?
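
As an added illustration (not part of the issue thread and not gobuster's code), this Go example builds the Host header values for the two behaviours discussed above: appending the target's hostname to each wordlist entry, and using each entry verbatim as an FQDN. The function name hostCandidates, its appendBase parameter and the sample wordlist are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// hostCandidates returns the Host header value for each wordlist entry.
// appendBase=true models the concatenation described in the issue;
// appendBase=false uses each entry verbatim as an FQDN.
// Hypothetical helper for illustration only.
func hostCandidates(target string, words []string, appendBase bool) ([]string, error) {
	u, err := url.Parse(target)
	if err != nil {
		return nil, err
	}
	base := u.Hostname() // strips any :port and IPv6 brackets
	if base == "" {
		return nil, fmt.Errorf("no host in %q", target)
	}
	if appendBase && net.ParseIP(base) != nil {
		// word + "." + IP literal is never a valid hostname (Example 2).
		return nil, fmt.Errorf("cannot append IP literal %s to wordlist entries", base)
	}
	var out []string
	for _, w := range words {
		w = strings.TrimSuffix(strings.TrimSpace(w), ".") // drop blanks and a root dot
		if w == "" {
			continue
		}
		if appendBase {
			w = w + "." + base
		}
		out = append(out, strings.ToLower(w)) // hostnames are case-insensitive
	}
	return out, nil
}

func main() {
	words := []string{"storage.company.org", "old-company.org"} // constructed sample
	for _, t := range []string{"http://files.company.org", "http://5.6.7.8"} {
		for _, mode := range []bool{true, false} {
			hosts, err := hostCandidates(t, words, mode)
			fmt.Println(t, "append:", mode, hosts, err)
		}
	}
}
```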

@firefart
Collaborator

Thanks I will have a look into this

firefart reopened this Oct 26, 2020

@s0i37
Author

s0i37 commented Oct 27, 2020

#249 ?
