Hi there
Now i want to know which command you run in linux to discover if a website is virtually hosted or not.
For instance, if i have a 196.x.x.x and it hosts multiple site, is there a way in linux or a tool available to enumerate the sites hosted as virtual domains??


CHEERS

no, it's really none of your business (from a technical perspective i mean...) the closest you *could* get would be to do a reverse lookup on the ip address to get all A records pointing to it. from then though, you'd still want the CNAME's pointing to the A's and neither of those jumps are possible (AFAIK). you can get the PTR record for the IP, but that's only one address, usually the name for a physical box, which wouldn't relate the the domains held on it.

as far as virtual hosting in itself... it's really not an interesting thing. there's no difference if an apache instance has 1 default server or 1 virtual host or 1000 virtual hosts.

Given one domain name you can get somewhere using Robtex, though admittedly that's not a local tool. Here's an example query for mrtgglds dot nf (which was either scam or spam, can't remember). I vaguely remember recon possibilities using the Google API but I can't find any clues right now.


If it's interesting is for the OP to decide. Why else would he be asking? Besides, given the recent infections of certain webfarms hosting hundreds of sites *I* find it interesting.

Nice site... interesting graphing of the relationships... I assume it's technically a brute force approach they're taking?

and i meant interesting in "fingers" really... seemed as if there was a suggestion that using a virtualhost was technically inferior or some such.

Spose it is, can't imagine any other way. Either way what they're doing is way cool.


Hmm. Haven't read it like that. Oh well. Maybe I need a new lexer.

Thanks alot......
Yeah i mean why wouldnt it be my business if i had like say 1000 virtual hosts and i need to map them out for some reason?

Away from that...i think i found a way to do though its a bit quick and dirty. I wrote a simple perl script and it workin just fine for now..


Another question i had was how do i protect my webserver from being discovered as one that hosts multiple site?
I have done pen tests myself and once you realize that a certain address maps to over 30 websites then its kinda easy to take them down...


I seek clarification

why is it easier to take them down?? i don't understand why you seem to think that a virtual host is somehow deficient... 30 small secure sites with little content are a lot harder to take down that one huge one littered with holes.

how do you stop them being "discovered"? stop running them i guess. if you run a website, it's pretty obvious you want it to be used. as above we're assuming that the tool there just uses a very large dns cache to search through, so as long as you have valid dns records in order to get the traffic, you would be "susceptible" to being cross referenced. still don't see it as a problem in the slightest.

If what I understood is correct, you want all the sites on an IP address. Use this site, I use it to understand which all sites are being hosted on the server to get a decent idea of how the host is...

well there's a good example of how vague it is to find this info. I put one of my sites in there, and it's shown a totally different set to unspawns link... the second one appears to state it's comprehensive too, which is clearly isn't.

Can we please look at the script?

Well I kinda cross checked with my /etc/passwd file, all of the sites shown on seologs seem to be correct to me.

for your domain sure... for others, not so...

Heh. I didn't even test it. Any DN that has "SEO" in it is usually marketing something and "searchengine optimization" is way overrated anyway.