Thursday, July 22, 2010
11:20 AM

Hostnames and Virtual Hosts Discovery tool - Hostmap

It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.
- Sun Tzu, The Art of War
As Sun Tzu said, you have to know your enemy. During an hacking engagement, like a penetration test, you need to retrieve as much information as possible from your target in order to be successful.

Hostmap helps you using several techniques to enumerate all the hostnames and configured virtual hosts associated with an IP address.

In the real world an IP address can be registered in a DNS server with multiple host names, because it can have some aliases or hosting a bunch of websites.
Example: 
IP address 1.2.3.4 can have following entries in the DNS configuration file

www.foo.com CNAME foo.com
foo.com A 1.2.3.4
mail.foo.com A 1.2.3.4
goo.com A 1.2.3.4

An user or a penetration tester,that needs to test the security of the IP address 1.2.3.4 machine needs ti know all his host names.

Here the purpose of the hostmap is to discover all the registered DNS hostname or virtual names inorder to get the better knowledge of the target machine.


USE THIS TOOL FOR LEGAL PURPOSES ONLY!

The major features of Hostmap are:
  * DNS names and virtual hosts enumeration
  * Multiple discovery techniques
  * Results correlation, aggregation and normalization
  * Multithreaded and event based engine
  * Platform independent

Installation:
Download hostmap from here
Untar the package and type following command to start host-name discoveries: 
ruby hostmap.rb -t 192.168.1.1 and you should see something similar to ....



0 comments:

Post a Comment