If you import XML results from an nmap scan, scrying will iterate through open ports and addresses, but makes the connection to the IP address rather than to the hostname, which can matter to web servers for serving the right domain (e.g. virtual hosts). It can also matter for TLS SNI, load balancers, etc. and other middleware that can route requests differently.
The nmap XML contains the hostname, but this information is ignored.
It would be nice to have the option to prefer hostnames, and to optionally be able to iterate both hostnames and addresses.
The nmap XML contains extra information like subject alternative names from certificates as well. But extracting this may be getting too out of scope.
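The following is an added illustration, not code from scrying, of what the requested behaviour looks like when parsing nmap's `-oX` output: every open web port is yielded once per connection name, where the name is the IP only (scrying's current behaviour), the first `<hostname>` nmap recorded with an IP fallback, or every hostname plus the IP. The sample XML, the `mode` parameter, and the `Target`/`iter_targets`/`url_for` names are constructed for this example and are not part of nmap or scrying.

```python
import xml.etree.ElementTree as ET
from typing import Iterator, NamedTuple

# Constructed sample of nmap -oX output (not a real scan): one host with a
# user-supplied name and a PTR name, and one host with no hostname at all.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames>
      <hostname name="www.example.com" type="user"/>
      <hostname name="web01.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Service names nmap uses for HTTP-like services; anything else is skipped.
WEB_SERVICES = {"http", "https", "http-proxy", "http-alt"}


class Target(NamedTuple):
    host: str    # name or IP literal to connect to (drives Host header / SNI)
    port: int
    ip: str      # address nmap actually scanned, kept for reporting
    scheme: str  # "http" or "https"


def iter_targets(xml_text: str, mode: str = "prefer-hostname") -> Iterator[Target]:
    """Yield one Target per (connection name, open web port) in an nmap XML document.

    mode == "ip":              connect to the scanned address only (current behaviour).
    mode == "prefer-hostname": use the first hostname nmap recorded, fall back to the IP.
    mode == "both":            yield every recorded hostname and the IP for each port.
    """
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address[@addrtype='ipv6']")
        if addr is None:
            continue
        ip = addr.get("addr")
        names = [h.get("name") for h in host.findall("hostnames/hostname") if h.get("name")]
        if mode == "ip" or not names:
            connect_to = [ip]
        elif mode == "prefer-hostname":
            connect_to = [names[0]]
        elif mode == "both":
            connect_to = names + [ip]
        else:
            raise ValueError(f"unknown mode: {mode}")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            if svc is None or svc.get("name") not in WEB_SERVICES:
                continue
            # nmap marks TLS-wrapped services with tunnel="ssl"; plain "https" also means TLS.
            scheme = "https" if svc.get("name") == "https" or svc.get("tunnel") == "ssl" else "http"
            for name in connect_to:
                yield Target(name, int(port.get("portid")), ip, scheme)


def url_for(target: Target) -> str:
    """Build the URL a screenshot tool would request for this target."""
    return f"{target.scheme}://{target.host}:{target.port}"


if __name__ == "__main__":
    for mode in ("ip", "prefer-hostname", "both"):
        print(f"--- mode={mode}")
        for t in iter_targets(SAMPLE_NMAP_XML, mode):
            print(f"{url_for(t)}  (scanned as {t.ip})")
```

In "both" mode the second host still yields a single target, because it has no `<hostname>` entries; that fallback is the case a hostname-first option has to handle, since reverse DNS is often missing for exactly the addresses where virtual-host routing matters.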