Taras,

On Tue, Mar 15, 2011 at 11:14 PM, Taras <ox...@oxdef.info> wrote:
> Hi, all!
>
> What do you think about making some kind of port of the host-extract tool
> described below in w3af? It can be a grep plugin. We already have the
> privateIP grep plugin but it is useful in some cases to extract also
> hosts/IPs which are different from the target (not only private IPs).
After thinking about this for a while, I think that we might already have
90% of this tool within w3af. As you said, grep.privateIP will find the
private IP addresses, and what we're missing now are the external hosts. We
have a pretty good HTML/PDF parser that will extract links, but only if they
look like (http|https)://... . We could create a grep plugin that would use
their nasty regular expression [0] (line 232) and their false positive
reduction (line 252). That should be an easy task that almost anyone in the
community could perform, so I invite our users and potential contributors to
step up and try to do it :) We'll be here to help you out along the way.

[0] http://code.google.com/p/host-extract/source/browse/trunk/host-extract.rb

Regards,

> -------- Forwarded Message --------
> From: YGN Ethical Hacker Group <li...@yehg.net>
> To: full-disclosure <full-disclos...@lists.grok.org.uk>, websecur...@webappsec.org
> Subject: [WEB SECURITY] [new tool announcement] host-extract
> Date: Mon, 14 Mar 2011 00:46:18 +0800
>
> Host-Extract | Host/IP Pattern Extractor
> ===============================
>
> category: /pentest/enumeration/www
> useful area: blackbox testing
>
> This little Ruby script tries to extract all IP/host patterns in the page
> response of a given URL and the JavaScript/CSS files of that URL.
>
> With it, you can quickly identify internal IPs/hostnames, development
> IPs/ports, CDNs, load balancers and additional attack entries related to
> your target that are revealed in inline JS, CSS, HTML comment areas
> and JS/CSS files.
>
> This is unlike a web crawler, which looks for new links only in anchor
> tags (<a) or the like.
>
> In some cases, host-extract may give you false positives when there
> are some words like main-site_ver_10.2.1.3.swf.
>
> With the -v option, you can ask the tool to output HTML view-source
> snippets for each IP/domain extracted. This will shorten your manual
> analysis time.
>
> Please go to http://host-extract.googlecode.com/ for more info.
>
> Download/Update
> ==============
> svn co http://host-extract.googlecode.com/svn/trunk/ host-extract
>
> Tutorial Wiki
> ==========
>
> Sebastien Damaye from aldeid.com has prepared a thorough host-extract
> tutorial with real-world famous web sites.
>
> http://aldeid.com/index.php/Host-extract
>
> --
> Taras
> http://oxdef.info
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
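As an added illustration of the grep-plugin idea discussed in this thread (this is example code written for this page, not code from w3af and not the regular expression or false-positive filter from host-extract.rb), the script below pulls IPv4 addresses and DNS-shaped hostnames out of a response body, including inline JS, CSS and HTML comments, drops version strings such as `main-site_ver_10.2.1.3.swf`, separates private from public addresses, and reports hosts other than the target, with a `-v`-style source snippet for each hit. The regular expressions, the TLD allowlist, the ignored-host list and the sample page are all my own assumptions; a real plugin would load the IANA TLD list and w3af's own response object instead.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample response (not a real site): HTML with an external
# stylesheet, an HTML comment and inline JS, seeded with the kinds of strings
# host-extract looks for plus the version-string false positive from the post.
SAMPLE_RESPONSE = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html><head>
<!-- deployed from build host dev-app01.internal.example.com -->
<link rel="stylesheet" href="//cdn.example.net/site.css">
<script src="/js/jquery.min.js"></script>
<script>
  var apiBase = "http://10.0.3.25:8080/api";
  var lbs = ["lb1.example.com", "93.184.216.34"];
  var flash = "main-site_ver_10.2.1.3.swf";
  var version = "10.2.1.3.4";
</script>
</head><body>Contact admin@example.com</body></html>
"""

# Four dotted 1-3 digit groups that are not embedded in a longer dotted token
# or identifier: rules out "ver_10.2.1.3.swf" and "10.2.1.3.4" (assumed regex).
IPV4_RE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")

# DNS-shaped names: one or more labels followed by an alphabetic TLD (assumed).
HOST_RE = re.compile(
    r"\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})\b",
    re.IGNORECASE)

# Assumption: a small constructed TLD allowlist. A real plugin would load the
# full IANA list; "internal", "local", "corp" and "lan" are kept on purpose
# because leaked internal names are exactly what this check looks for.
KNOWN_TLDS = {"com", "net", "org", "info", "edu", "gov", "io", "uk", "de",
              "internal", "local", "corp", "lan"}

# Assumption: hosts present on nearly every page that carry no information.
IGNORED_HOSTS = {"www.w3.org"}


def extract_ipv4(text):
    """Return the set of syntactically valid IPv4 addresses found in text."""
    found = set()
    for match in IPV4_RE.finditer(text):
        try:
            # IPv4Address rejects octets above 255 (e.g. 999.1.1.1).
            found.add(str(ipaddress.IPv4Address(match.group(1))))
        except ValueError:
            continue
    return found


def extract_hostnames(text, tlds=KNOWN_TLDS):
    """Return DNS-shaped names whose last label is an allowlisted TLD.

    The TLD check is the false-positive reduction: it drops file names such as
    site.css, jquery.min.js and the "2.1.3.swf" tail of a version string.
    """
    found = set()
    for match in HOST_RE.finditer(text):
        name = match.group(1).lower()
        if name.rsplit(".", 1)[1] in tlds:
            found.add(name)
    return found


def source_snippets(text, needle):
    """Lines of the source that contain needle (the -v style output)."""
    return [line.strip() for line in text.splitlines() if needle in line]


def audit_response(url, body):
    """Summarise hosts and IPs in body that are not the target host itself."""
    target = (urlparse(url).hostname or "").lower()
    hosts = extract_hostnames(body) - IGNORED_HOSTS
    hosts.discard(target)
    ips = extract_ipv4(body)
    return {
        "target": target,
        "other_hosts": sorted(hosts),
        "private_ips": sorted(
            ip for ip in ips if ipaddress.ip_address(ip).is_private),
        "public_ips": sorted(
            ip for ip in ips if not ipaddress.ip_address(ip).is_private),
    }


if __name__ == "__main__":
    import json
    report = audit_response("https://www.example.com/", SAMPLE_RESPONSE)
    print(json.dumps(report, indent=2))
    for item in report["other_hosts"] + report["private_ips"]:
        for snippet in source_snippets(SAMPLE_RESPONSE, item):
            print(f"{item}: {snippet}")
```

Note that Python's `ipaddress.is_private` also returns True for the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), so sample data taken from those ranges would land in `private_ips`; the sample above uses a genuinely public address for that reason.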