# Probe for Web Servers

> Probe for web servers on a list of hostnames, IP addresses, or IP ranges

* **Category**: Attack Surface Management
* **Author**: trickest-mhmdiaa
* **Created**: 2024-07-04
* **Workflow preview**: https://editor.trickest.io/preview?workflow_url=https://trickest-public-workflow.s3.eu-central-1.amazonaws.com/c3847326-8ece-4348-a0fc-c18dfc850c85.json

## Description

Probe for web servers on several common HTTP ports and collect relevant details about each discovered server. This module checks a list of common HTTP ports and gathers information including HTML titles, redirects, content lengths, favicons, TLS data, and more. You can supply hostnames, IP addresses, or IP ranges.

## Features

* Enriches discovered hosts with **useful data to guide prioritization** and help identify patterns.
* Capable of processing **tens of thousands of hosts** simultaneously.
* Supports **hostnames, IP addresses, and IP ranges**.
* Probes the **ports statistically most likely** to host HTTP servers, balancing speed and thoroughness.
* Discovers **additional hostnames** associated with the target organization.

## Inputs

### Required

* **hosts**: a list of hostnames, IP addresses, or IP ranges

```
dashboard.example.com
1.2.3.4
5.6.7.8/24
```

### Optional

* **header**: Header(s) to include in HTTP requests
* **header-file**: File with header(s) to include in HTTP requests

## Outputs

* **web-servers**: List of web server URLs.

```
https://dashboard.example.com
http://1.2.3.4
http://5.6.7.10:8080
```

* **web-server-details**: JSONLines records of web server details.

```
{"timestamp":"2024-01-01T11:11:11.111111111Z","port":443,"url":"https://dashboard.example.com","input":"dashboard.example.com","scheme":"https","webserver":"cloudflare","method":"GET","host":"1.2.3.4","path":"/","favicon_path":"/favicon.ico","time":"133.7ms","a":["1.2.3.4","1.2.3.4"],"words":7331,"lines":1337,"status_code":200,"cdn":true,"cdn_name":"cloudflare","tls_host":"dashboard.example.com","tls_port":"443","tls_probe_status":true,"tls_version":"tls13","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_not_before":"2021-3-3T07:00:00Z","tls_not_after":"2027-3-3T07:00:00Z","tls_subject_dn":"CN=*.example.com, O=Example\\, Inc., L=San Francisco, ST=California, C=US","tls_subject_cn":"*.example.com","tls_subject_org":["Example, Inc."],"tls_subject_an":["*.example.com","example.com"],"tls_issuer_dn":"CN=Acme TLS RSA SHA256 2020 CA1, O=Acme Inc, C=US","tls_issuer_cn":"Acme TLS RSA SHA256 2020 CA1","tls_issuer_org":["Acme Inc"],"tls_fingerprint_hash_md5":"9ff41ab3d13b2386ad77fa0b1f058f4f","tls_fingerprint_hash_sha1":"9dc28cb216b46bee01eeaeb5d4ff5906bbba582b","tls_fingerprint_hash_sha256":"324db4e227d9b5fb5dc175d7b4bb984705b9f4ec07a36bfe2fd4df79a965961e","tls_wildcard_certificate":true,"tls_connection":"ctls","tls_sni":"dashboard.example.com","headers":["Cf-Cache-Status: DYNAMIC","Server: cloudflare"]}
```

* **subdomains**: List of discovered subdomains.

```
foo.example.com
bar.example.com
baz.example.com
```

* **subdomain-details**: JSONLines records of subdomain discovery details.

```json
{"hostname": "foo.example.com", "domain_name": "example.com", "data_source": "http response", "context": "http redirecrt", "linked_asset": "http://1.2.3.4"}
{"hostname": "bar.example.com", "domain_name": "example.com", "data_source": "http response", "context": "content security policy (csp)", "linked_asset": "http://5.6.7.10:8080"}
{"hostname": "baz.example.com", "domain_name": "example.com", "data_source": "tls certificate", "context": "tls subject alternative name (san)", "linked_asset": "https://dashboard.example.com"}
```

* **potential-hostnames**: List of related hostnames outside the strict scope.

```
foo.example-internal.com
bar.example-subsidiary.com
baz.example-service-provider.net
```

* **potential-hostname-details**: JSONLines records of potential hostname discovery details.

```json
{"hostname": "foo.example-internal.com", "domain_name": "example.com", "data_source": "http response", "context": "http redirecrt", "linked_asset": "http://1.2.3.4"}
{"hostname": "bar.example-subsidiary.com", "domain_name": "example.com", "data_source": "http response", "context": "content security policy (csp)", "linked_asset": "http://5.6.7.10:8080"}
{"hostname": "baz.example-service-provider.net", "domain_name": "example.com", "data_source": "tls certificate", "context": "tls subject alternative name (san)", "linked_asset": "https://dashboard.example.com"}
```

* **subdomain-wildcards**: List of discovered subdomain wildcards.

```
*.internal.example.com
```

* **subdomain-wildcard-details**: JSONLines records of subdomain wildcard discovery details.

```json
{"hostname": "*.internal.example.com", "domain_name": "example.com", "data_source": "tls certificate", "context": "tls common name (cn)", "linked_asset": "https://dashboard.example.com"}
```

* **potential-hostname-wildcards**: List of related hostnames with wildcards outside the strict scope.

```
*.proxy.example-corp.com
```

* **potential-hostname-wildcard-details**: JSONLines records of potential hostname wildcard discovery details.

```json
{"hostname": "*.proxy.example-corp.com", "domain_name": "example.com", "data_source": "tls certificate", "context": "tls common name (cn)", "linked_asset": "https://dashboard.example.com"}
```

**Note**: The `*-details` outputs may contain duplicates if a hostname was discovered through multiple sources.
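The following is an added example, not part of the module or Trickest's own code: one way to collapse the duplicate `*-details` records mentioned in the note into a single inventory entry per hostname while keeping every piece of discovery evidence. The field names come from the sample records above; the sample lines, the hostname normalization, and the function names `merge_details` and `corroborated` are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the *-details records shown above.
# Lines 1-3 describe one hostname (an exact repeat plus a second source); line 5 is malformed.
SAMPLE = """\
{"hostname": "baz.example.com", "domain_name": "example.com", "data_source": "tls certificate", "context": "tls subject alternative name (san)", "linked_asset": "https://dashboard.example.com"}
{"hostname": "BAZ.example.com.", "domain_name": "example.com", "data_source": "http response", "context": "content security policy (csp)", "linked_asset": "http://5.6.7.10:8080"}
{"hostname": "baz.example.com", "domain_name": "example.com", "data_source": "tls certificate", "context": "tls subject alternative name (san)", "linked_asset": "https://dashboard.example.com"}
{"hostname": "foo.example-internal.com", "domain_name": "example.com", "data_source": "http response", "context": "content security policy (csp)", "linked_asset": "http://1.2.3.4"}
not json
"""

def merge_details(lines):
    """Collapse *-details JSONLines into one entry per hostname with all its evidence."""
    merged = defaultdict(lambda: {"in_scope": False, "evidence": set()})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            # Assumed normalization: DNS names are case-insensitive, trailing dot is the root label.
            host = rec["hostname"].lower().rstrip(".")
            domain = rec["domain_name"].lower().rstrip(".")
            evidence = (rec["data_source"], rec["context"], rec["linked_asset"])
        except (json.JSONDecodeError, KeyError, AttributeError, TypeError):
            skipped += 1  # count malformed records instead of silently dropping them
            continue
        entry = merged[host]
        # Match on a label boundary so "foo.example-internal.com" is not treated as in scope.
        entry["in_scope"] = host == domain or host.endswith("." + domain)
        entry["evidence"].add(evidence)  # the set removes exact duplicate records
    return dict(merged), skipped

def corroborated(merged):
    """Hostnames backed by more than one distinct data_source."""
    return sorted(h for h, e in merged.items()
                  if len({src for src, _, _ in e["evidence"]}) > 1)

if __name__ == "__main__":
    inventory, bad = merge_details(SAMPLE.splitlines())
    for host, entry in sorted(inventory.items()):
        scope = "in scope" if entry["in_scope"] else "needs ownership review"
        print(f"{host}: {scope}, {len(entry['evidence'])} evidence record(s)")
    print("corroborated:", corroborated(inventory), "| skipped lines:", bad)
```

Hostnames that come out as not in scope correspond to the `potential-hostname*` outputs and should have their ownership confirmed before they are added to an asset inventory.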

## Changelog

* v1.0.0
  * Initial release
* v1.1.0
  * Improved handling of cases where a live web server redirects to a non-existent or unreachable host.
  * Enhanced overall detection accuracy with a more advanced retry mechanism.
  * Adjusted port scan logic to scan only ports 80 and 443 for hosts behind cloud WAFs or CDNs.
  * Added filters to exclude responses with protocol mismatches.
* v1.1.1
  * Preserve existing paths and queries from the input, if present.
* v1.1.2
  * Added `header` and `header-file` inputs.
