Sha256: 89743403c4d17ad39bd05a829c4ff2f484bd4dd0e91b8ef51855c75ac01a084e

Contents?: true

Size: 1.95 KB

Versions: 6

Compression:

Stored size: 1.95 KB

Contents

# frozen_string_literal: true

##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
WhatWeb::Plugin.define "X-Host" do
  @author = "Brendan Coles <bcoles@gmail.com>" # 2011-01-08
  @version = "0.1"
  @description = "This plugin retrieves the X-Host, X-HostName, X-Host-Name and X-Host-IP value from the HTTP header."

  # About 957 ShodanHQ results for X-Host @ 2011-01-08
  # About 20 ShodanHQ results for X-Host-Name @ 2011-01-08

  # Passive #
  def passive(target)
    m = []

    # X-Host HTTP Header
    # Apache picks the X-Host header over the Host header, so if there are
    # two different virtual hosts, origin.example.com and www.example.com,
    # the request ends up at www.example.com instead of the intended
    # origin.example.com.
    # http://www.alphastate.com/x-host-vs-host-headers-in-apache
    m << { string: target.headers["x-host"].to_s } unless target.headers["x-host"].nil?

    # X-Host-Name HTTP Header
    m << { string: target.headers["x-host-name"].to_s } unless target.headers["x-host-name"].nil?

    # X-HostName HTTP Header
    m << { string: target.headers["x-hostname"].to_s } unless target.headers["x-hostname"].nil?

    # X-Host-IP HTTP Header
    # WonderProxy is the only software known to use this header however
    # there are no ShodanHQ results for "X-Host-IP" so this is unconfirmed.
    # Please let me know if you can confirm otherwise. bcoles@gmail.com
    # "We're planning to roll out a new feature allowing customers to
    # inject a hosts file onto the proxy server of their choice to allow
    # server selection through a web interface."
    # http://blog.preinheimer.com/index.php?/archives/349-X-Host-IP.html
    m << { string: target.headers["x-host-ip"].to_s, module: "WonderProxy" } unless target.headers["x-host-ip"].nil?

    m
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
simple_whatweb-0.4.1 lib/whatweb/plugins/x-host.rb
simple_whatweb-0.4.0 lib/whatweb/plugins/x-host.rb
simple_whatweb-0.3.0 lib/whatweb/plugins/x-host.rb
simple_whatweb-0.2.1 lib/whatweb/plugins/x-host.rb
simple_whatweb-0.2.0 lib/whatweb/plugins/x-host.rb
simple_whatweb-0.1.0 lib/whatweb/plugins/x-host.rb