hostmap 0.2 released

Posted on December 17, 2009 in Tools • Tagged with hostmap, virtual host • 1 min read

I am glad to release hostmap version 0.2.

Introduction

hostmap is a free, automatic hostname and virtual host discovery tool written in Ruby and licensed under the GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.

Changes

Some of the new features include:

  • Fully refactored and rewritten in Ruby.
  • User-requested interrupt (CTRL+C) is now handled.
  • Added a Rakefile to automate tasks, for example rebuilding the readme and API documentation.
  • Changed info gathering plugin …


Virtual host and DNS names enumeration techniques

Posted on January 24, 2009 in Research • Tagged with discovery, dns alias, dns name, enumeration, hostmap, virtual host • 3 min read

Table of Contents

1. Why you need to enumerate
2. Techniques
2.1 DNS enumeration techniques
2.2 Banner grabbing
2.3 SSL/TLS Protocol enumeration techniques
2.4 HTTP Protocol enumeration techniques
2.5 Passive web enumeration techniques
2.6 Active web enumeration techniques

1. Why you need to enumerate

The host name discovery phase is an information-gathering step that gives a complete and detailed view of the target's resources and attack points.

During an attack or a penetration test, the attacker needs to know as much information as possible about the entry points to attack. An entry point …
