I'm trying to identify virtual hosts with Nmap, command:
nmap --script http-vhosts -p80 {ip}
Nmap identifies a number of hosts. But how do I get the actual host names that are found? Now nmap only prints "128 names had status 200".
Read the documentation for Script http-vhosts:
Script Arguments
http-vhosts.collapse
The limit to start collapsing results by status code. Default 20
As the 128 names is more than the default 20, the results will be collapsed; you need to set this argument to be over 128.
How to use the NSE scripts arguments?
Read The Official Nmap Project Guide to Network Discovery and Security Scanning; Nmap Network Scanning > Chapter 9. Nmap Scripting Engine > Usage and Examples > Arguments to Scripts:
Arguments may be passed to NSE scripts using the --script-args option. The arguments describe a table of key-value pairs and possibly array values.
The syntax for script arguments is similar to Lua's table constructor syntax. Arguments are a comma-separated list of name=value pairs. Names and values may be strings not containing whitespace or the characters {, }, =, or ,. To include one of these characters in a string, enclose the string in single or double quotes. Within a quoted string, \ escapes a quote. A backslash is only used to escape quotation marks in this special case; in all other cases a backslash is interpreted literally.
nmap --script http-vhosts --script-args http-vhosts.collapse=200 -p80 {ip}
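An added example, not part of the answer above or of Nmap itself: when the nmap command line is assembled by a script, the quoting rules quoted above can be applied programmatically. The helper names and the 192.0.2.10 target are hypothetical, and only flat name=value pairs are covered.

```python
import re

# Per the quoted documentation, an unquoted name or value may not contain
# whitespace or { } = , ; quote characters are treated the same way here.
_NEEDS_QUOTES = re.compile(r"""[\s{},='"]""")


def quote_value(value):
    """Return value in a form that is valid inside --script-args."""
    text = str(value)
    if text and not _NEEDS_QUOTES.search(text):
        return text  # plain token, no quoting needed
    if text.endswith("\\"):
        # A trailing backslash would turn the closing quote into an escaped
        # quote, so the quoted string would never terminate.
        raise ValueError("a quoted value cannot end with a backslash")
    # Inside quotes a backslash escapes only the quote character; every
    # other backslash is literal and must not be doubled.
    return '"' + text.replace('"', '\\"') + '"'


def build_script_args(args):
    """Join a dict of name -> value into one --script-args string."""
    parts = []
    for name, value in args.items():
        if not name or _NEEDS_QUOTES.search(name):
            raise ValueError(f"unsupported argument name: {name!r}")
        parts.append(f"{name}={quote_value(value)}")
    return ",".join(parts)


def nmap_argv(target, script, args, port=80):
    """Build an argv list for subprocess.run(); no shell is involved, so the
    only quoting layer left is nmap's own script-argument syntax."""
    return ["nmap", "--script", script,
            "--script-args", build_script_args(args),
            f"-p{port}", target]


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a constructed target.
    print(nmap_argv("192.0.2.10", "http-vhosts", {"http-vhosts.collapse": 200}))
```

Passing the list to subprocess.run() without shell=True avoids a second layer of shell quoting on top of nmap's.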