Closed GoogleCodeExporter closed 9 years ago
This could also check for http versions of https sites, which would be very
handy :)
Original comment by psii...@gmail.com
on 14 Mar 2013 at 8:58
I like this idea; however, I think it would be prudent to ensure that such a
feature is not on by default (or only does look-ups and does not trigger any
active testing without explicit interaction/direction).
Often there are very specific in-scope and out-of-scope things for VA or
PenTest projects. Simply identifying things via DNS or other public info isn't
a big deal but it could be a big deal to test a sub-domain which isn't actually
in-scope of a contract etc.
So even if "target" is in-scope that doesn't necessarily mean that
mobile.target, m.target, or target.mobi, etc. are.
The original request might be facilitated by integration with a tool such as
Fierce Domain Scan (http://ha.ckers.org/fierce/).
If you're going to build something new to accomplish this then I suggest:
1) Try a zone transfer (obvious).
2) Do forward and reverse look-ups (names to IPs and IPs back to names
sometimes gives you different details).
3) Try brute forcing with a list, similar to Forced Browsing (provide default
lists but also allow custom lists). There is a Netcraft survey which provides a
list of top 100 Internet Host Names (the original source nw.com now redirects
elsewhere; however, a copy of the original is available via the 'way back
machine':
http://web.archive.org/web/20090305043104/http://nw.com/zone/WWW/firstnames.html).
4) Do look-ups via various online IP or Domain neighbor tools. (Only look-ups,
don't want to test something we shouldn't.)
Original comment by kingtho...@gmail.com
on 14 Mar 2013 at 2:24
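The scope concern raised in the comment above, as an added example (not part of the original thread and not ZAP code): a default-deny gate that marks every discovered name as look-up only unless the engagement scope lists it explicitly. The `Scope` class, the `plan` function and all hostnames are hypothetical, constructed for illustration.

```python
# Added illustration: default-deny scope gate; all hostnames are constructed.

def normalize(host: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return host.strip().lower().rstrip(".")


class Scope:
    """Hosts the contract allows active testing against: exact names or
    explicit "*.zone" wildcards. A bare domain never implies sub-domains."""

    def __init__(self, entries):
        self.exact = set()
        self.wildcards = set()
        for entry in entries:
            entry = normalize(entry)
            if entry.startswith("*."):
                self.wildcards.add(entry[2:])
            else:
                self.exact.add(entry)

    def allows(self, host: str) -> bool:
        host = normalize(host)
        if host in self.exact:
            return True
        # Compare on label boundaries: "nottarget.example" must not match
        # a wildcard for "target.example" just because the strings overlap.
        labels = host.split(".")
        return any(".".join(labels[i:]) in self.wildcards
                   for i in range(1, len(labels)))


def plan(discovered, scope):
    """Map each discovered name to 'active' or 'lookup-only' (the default)."""
    return {normalize(h): ("active" if scope.allows(h) else "lookup-only")
            for h in discovered}


SCOPE = Scope(["target.example", "*.dev.target.example"])
DISCOVERED = [  # constructed, standing in for results of the look-up steps
    "target.example", "M.target.example.", "mobile.target.example",
    "target.mobi", "api.dev.target.example", "dev.target.example",
    "nottarget.example",
]

if __name__ == "__main__":
    for host, action in plan(DISCOVERED, SCOPE).items():
        print(f"{host:28} {action}")
```

Only `target.example` and `api.dev.target.example` come back as `active`; everything else, including `m.target.example` and `target.mobi`, stays `lookup-only` until someone adds it to the scope.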
The following might be of interest to whoever tackles this:
https://code.google.com/p/jsmbscanner/source/browse/
http://docs.oracle.com/javase/7/docs/api/java/net/InetAddress.html
Tagging as IdealFirstBug; now that Psiinon has published (or is about to
publish) an intro to writing extensions, it "should" be fairly easy for someone
to add at least some of this functionality.
Original comment by kingtho...@gmail.com
on 13 Jul 2014 at 8:58
psiinon, I'm going to break off your request to check http access for https
content as an active scan plugin.
Original comment by kingtho...@gmail.com
on 7 Aug 2014 at 11:28
Per previous comment, see issue 1295.
Original comment by kingtho...@gmail.com
on 7 Aug 2014 at 11:30
Original comment by psii...@gmail.com
on 3 Dec 2014 at 4:37
Original comment by dan.mart...@gmail.com
on 4 Dec 2014 at 8:21
ZAP has been migrated to github.
This issue will be on github issues with the same ID:
https://github.com/zaproxy/zaproxy/issues
Original comment by psii...@gmail.com
on 5 Jun 2015 at 9:17
Original issue reported on code.google.com by
gr...@buguroo.com
on 14 Mar 2013 at 8:52