1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
Plugin.define "X-Host" do
author "Brendan Coles <bcoles@gmail.com>" # 2011-01-08
version "0.1"
description "This plugin retrieves the X-Host, X-HostName, X-Host-Name and X-Host-IP value from the HTTP header."
# About 957 ShodanHQ results for X-Host @ 2011-01-08
# About 20 ShodanHQ results for X-Host-Name @ 2011-01-08
# Passive #
def passive
m=[]
# X-Host HTTP Header
# Apache picks the X-Host header over the Host header, so if there are
# two different virtual hosts, origin.example.com and www.example.com,
# the request ends up at www.example.com instead of the intended
# origin.example.com.
# http://www.alphastate.com/x-host-vs-host-headers-in-apache
m << { :string=>@headers["x-host"].to_s } unless @headers["x-host"].nil?
# X-Host-Name HTTP Header
m << { :string=>@headers["x-host-name"].to_s } unless @headers["x-host-name"].nil?
# X-HostName HTTP Header
m << { :string=>@headers["x-hostname"].to_s } unless @headers["x-hostname"].nil?
# X-Host-IP HTTP Header
# WonderProxy is the only software known to use this header however
# there are no ShodanHQ results for "X-Host-IP" so this is unconfirmed.
# Please let me know if you can confirm otherwise. bcoles@gmail.com
# "We're planning to roll out a new feature allowing customers to
# inject a hosts file onto the proxy server of their choice to allow
# server selection through a web interface."
# http://blog.preinheimer.com/index.php?/archives/349-X-Host-IP.html
m << { :string=>@headers["x-host-ip"].to_s, :module=>"WonderProxy" } unless @headers["x-host-ip"].nil?
m
end
end
|
