(self, service)
| 20 | self.match_service_name('^nacn_http$', negative_match=True) |
| 21 | |
| 22 | async def run(self, service): |
| 23 | hostnames = [] |
| 24 | if self.get_option('hostname'): |
| 25 | hostnames.append(self.get_option('hostname')) |
| 26 | if service.target.type == 'hostname' and service.target.address not in hostnames: |
| 27 | hostnames.append(service.target.address) |
| 28 | if self.get_global('domain') and self.get_global('domain') not in hostnames: |
| 29 | hostnames.append(self.get_global('domain')) |
| 30 | |
| 31 | if len(hostnames) > 0: |
| 32 | for wordlist in self.get_option('wordlist'): |
| 33 | name = os.path.splitext(os.path.basename(wordlist))[0] |
| 34 | for hostname in hostnames: |
| 35 | try: |
| 36 | wildcard = requests.get( |
| 37 | ('https' if service.secure else 'http') + '://' + service.target.address + ':' + str(service.port) + '/', |
| 38 | headers={'Host': ''.join(random.choice(string.ascii_letters) for _ in range(20)) + '.' + hostname}, |
| 39 | verify=False, |
| 40 | allow_redirects=False |
| 41 | ) |
| 42 | size = str(len(wildcard.content)) |
| 43 | except requests.exceptions.RequestException as e: |
| 44 | service.error(f"[!] Wildcard request failed for {hostname}: {e}") |
| 45 | continue |
| 46 | |
| 47 | await service.execute( |
| 48 | 'ffuf -u {http_scheme}://' + hostname + ':{port}/ -t ' + str(self.get_option('threads')) + |
| 49 | ' -w ' + wordlist + ' -H "Host: FUZZ.' + hostname + '" -mc all -fs ' + size + |
| 50 | ' -r -noninteractive -s | tee "{scandir}/{protocol}_{port}_{http_scheme}_' + hostname + '_vhosts_' + name + '.txt"' |
| 51 | ) |
| 52 | else: |
| 53 | service.info('The target was not a hostname, nor was a hostname provided as an option. Skipping virtual host enumeration.') |
nothing calls this directly
no test coverage detected