search

[M] HostsDict, HostsMask & HostsCombine

hashtag
Common description

This modules using for web-hosts search directly on target servers, without DNS participation. Work of this modules it`s a HTTP requests sending to target IP with «Host» header contains a hostname. This may be usable for searching hidden hosts with DNS records on internal DNS servers, or fully without them. Or for hosts, which was moved to new server, but not deleted from old server.

Module can search objects by mask, dictionary and by combination (mask + dict).

Module works only in «raw» mode.

hashtag
Examples

Searching virtual hosts on IP:

./ws.py HostsDict --ip 82.146.56.21 --dict bases/demo/dict.txt --template @.hostsbrute.polygon.web-scout.online --false-re "Ubuntu Default Page"

Searching virtual hosts on IP by mask:

./ws.py HostsMask --ip 82.146.56.21 --mask ?l,1,4 --template @.hostsbrute.polygon.web-scout.online --false-re "Ubuntu Default Page"

hashtag
Options (* - necessary)

Name

By default

Description

--template *

Template for work with mark symbol (@ by default) in place, where target phrase will be put. Examples: «@.site.com», «@-admin.site.com».

--dict *

For HostsBruterDict. Path to dict.

--mask *

For HostsBruterMask. Symbols mask.

--combine-template *

For HostsBruterCombine. Template for combined work. String with markers «%m%» and «%d%», which is place for dict word and mask word.

--ip *

Traget IP.

--false-re *

RegEx (python.re) for detect negative answers.

--false-size *

Size of negative answer (code 404 analogue). Remember, this size can be different in different tools. Use test mode for get right size.

--http-protocol

http

Protocol for requests sending. http/https.

--msymbol

@

Mark symbol for search template (--template)

--proxies

HTTP-proxy list.

--retest-re

RegEx (python.re) for check if request repeat is need. For example «Service Temporarily Unavailable».

--retest-codes

Set of status codes (separated by comma) as signature for request re-send.

--headers-file

File with HTTP headers for put it in work requests.

--ignore-words-re

RegEx (python.re) for ignoring target phrases. May be useful when you don't want check some phrases, for example contains “.ht”.

--msymbol

@

Mark symbol for search template (--template)

--delay

0

Delay in seconds between requests. It`s options not for all threads together, its for every thread separately.

--threads

10

Work threads count.

--parts

0

Split on X parts target dict or mask.

--part

0

Which part number we using in work?

--test

0

Test mode enable

--xml-report

0

Path to save xml-report

Previous[M] DnsDict, DnsMask & DnsCombineNext[M] FuzzerUrls

Last updated

Was this helpful?