[M] HostsDict, HostsMask & HostsCombine

Common description

This modules using for web-hosts search directly on target servers, without DNS participation. Work of this modules it`s a HTTP requests sending to target IP with «Host» header contains a hostname. This may be usable for searching hidden hosts with DNS records on internal DNS servers, or fully without them. Or for hosts, which was moved to new server, but not deleted from old server.

Module can search objects by mask, dictionary and by combination (mask + dict).

Module works only in «raw» mode.

Examples

Searching virtual hosts on IP:

./ws.py HostsDict --ip 82.146.56.21 --dict bases/demo/dict.txt --template @.hostsbrute.polygon.web-scout.online --false-re "Ubuntu Default Page"

Searching virtual hosts on IP by mask:

./ws.py HostsMask --ip 82.146.56.21 --mask ?l,1,4 --template @.hostsbrute.polygon.web-scout.online --false-re "Ubuntu Default Page"

Options (* - necessary)

Name

By default

Description

--template *

Template for work with mark symbol (@ by default) in place, where target phrase will be put. Examples: «@.site.com», «@-admin.site.com».

--dict *

For HostsBruterDict. Path to dict.

--mask *

For HostsBruterMask. Symbols mask.

--combine-template *

For HostsBruterCombine. Template for combined work. String with markers «%m%» and «%d%», which is place for dict word and mask word.

--ip *

Traget IP.

--false-re *

RegEx (python.re) for detect negative answers.

--false-size *

Size of negative answer (code 404 analogue). Remember, this size can be different in different tools. Use test mode for get right size.

--http-protocol

http

Protocol for requests sending. http/https.

--msymbol

Mark symbol for search template (--template)

--proxies

HTTP-proxy list.

--retest-re

RegEx (python.re) for check if request repeat is need. For example «Service Temporarily Unavailable».

--retest-codes

Set of status codes (separated by comma) as signature for request re-send.

--headers-file

File with HTTP headers for put it in work requests.

--ignore-words-re

RegEx (python.re) for ignoring target phrases. May be useful when you don't want check some phrases, for example contains “.ht”.

--msymbol

Mark symbol for search template (--template)

--delay

Delay in seconds between requests. It`s options not for all threads together, its for every thread separately.

--threads

Work threads count.

--parts

Split on X parts target dict or mask.

--part

Which part number we using in work?

--test

Test mode enable

--xml-report

Path to save xml-report

Previous[M] DnsDict, DnsMask & DnsCombine Next[M] FuzzerUrls

Last updated 5 years ago

Was this helpful?

Common description

Module can search objects by mask, dictionary and by combination (mask + dict).

Module works only in «raw» mode.

Examples

Searching virtual hosts on IP:

./ws.py HostsDict --ip 82.146.56.21 --dict bases/demo/dict.txt --template @.hostsbrute.polygon.web-scout.online --false-re "Ubuntu Default Page"

Searching virtual hosts on IP by mask:

./ws.py HostsMask --ip 82.146.56.21 --mask ?l,1,4 --template @.hostsbrute.polygon.web-scout.online --false-re "Ubuntu Default Page"

Options (* - necessary)

Name

By default

Description

--template *

Template for work with mark symbol (@ by default) in place, where target phrase will be put. Examples: «@.site.com», «@-admin.site.com».

--dict *

For HostsBruterDict. Path to dict.

--mask *

For HostsBruterMask. Symbols mask.

--combine-template *

For HostsBruterCombine. Template for combined work. String with markers «%m%» and «%d%», which is place for dict word and mask word.

--ip *

Traget IP.

--false-re *

RegEx (python.re) for detect negative answers.

--false-size *

Size of negative answer (code 404 analogue). Remember, this size can be different in different tools. Use test mode for get right size.

--http-protocol

http

Protocol for requests sending. http/https.

--msymbol

Mark symbol for search template (--template)

--proxies

HTTP-proxy list.

--retest-re

RegEx (python.re) for check if request repeat is need. For example «Service Temporarily Unavailable».

--retest-codes

Set of status codes (separated by comma) as signature for request re-send.

--headers-file

File with HTTP headers for put it in work requests.

--ignore-words-re

RegEx (python.re) for ignoring target phrases. May be useful when you don't want check some phrases, for example contains “.ht”.

--msymbol

Mark symbol for search template (--template)

--delay

Delay in seconds between requests. It`s options not for all threads together, its for every thread separately.

--threads

Work threads count.

--parts

Split on X parts target dict or mask.

--part

Which part number we using in work?

--test

Test mode enable

--xml-report

Path to save xml-report