Probe for Web Servers
Probe for web servers on a list of hostnames, IP addresses, or IP ranges
Outputs
web-serversweb-server-detailssubdomainssubdomain-detailspotential-hostnamespotential-hostname-detailssubdomain-wildcardssubdomain-wildcard-detailspotential-hostname-wildcardspotential-hostname-wildcard-details
Probe for Web Servers
Description
Probe for web servers on several common HTTP ports and collect relevant details about each discovered server. This module checks a list of common HTTP ports and gathers information including HTML titles, redirects, content lengths, favicons, TLS data, and more. You can supply hostnames, IP addresses, or IP ranges.
Features
- Enriches discovered hosts with useful data to guide prioritization and help identify patterns.
- Capable of processing tens of thousands of hosts simultaneously.
- Supports hostnames, IP addresses, and IP ranges.
- Probes the most statistically likely ports to have HTTP servers, balancing speed and thoroughness.
- Discovers additional hostnames associated with the target organization.
Inputs
Required
- hosts: a list of hostnames, IP addresses, or IP ranges
Outputs
- web-servers: List of web server URLs.
- web-server-details: JSONLines records of web server details.
- subdomains: List of discovered subdomains.
- subdomain-details: JSONLines records of subdomain discovery details.
- potential-hostnames: List of related hostnames outside the strict scope.
- potential-hostname-details: JSONLines records of potential hostname discovery details.
- subdomain-wildcards: List of discovered subdomain wildcards.
- subdomain-wildcard-details: JSONLines records of subdomain wildcard discovery details.
- potential-hostname-wildcards: List of related hostnames with wildcards outside the strict scope.
- potential-hostname-wildcard-details: JSONLines records of potential hostname wildcard discovery details.
Note: The *-details
outputs may contain duplicates if a hostname was discovered through multiple sources.
Changelog
- v1.0.0
- Initial release
- v1.1.0
- Improved handling of cases where a live web server redirects to a non-existent or unreachable host.
- Enhanced overall detection accuracy with a more advanced retry mechanism.
- Adjusted port scan logic to scan only ports 80 and 443 for hosts behind cloud WAFs or CDNs.
- Added filters to exclude responses with protocol mismatches.
- v1.1.1
- Preserve existing paths and queries from the input, if present.