[Owasp-testing] Using Live Search to Discover Virtual Hosts

christian.heinrich at cmlh.id.au christian.heinrich at cmlh.id.au
Mon Jun 9 01:52:16 EDT 2008


To quote the OWASP Testing Guide v2 "4.2.3 Spidering and Googling" [1]:


Using a search engine to discover virtual hosts 

Live.com, another well-known search engine (see link at the bottom of the
page), provides the "ip" operator, which returns all the pages that are
known to belong to a certain IP address. This is a very useful technique to
find out which virtual hosts are configured on the tested server. For
instance, the following query will return all indexed pages belonging to the
domain owasp.org: 



I believe this quote has some relation to the "Application Discovery" [2]
sub section of the OWASP Testing Guide v3.  

Therefore, can you consider creating a "Bridging" sub section between
"Search Engine Discovery" and "Application Discovery" within the OWASP
Testing Guide v3?

There are other techniques, such as mining TCP Ports, e-mail addresses, etc
with Search Engines which would also be relevant to this "Bridging" sub
section future versions of the OWASP Testing Guide.

[1] http://www.owasp.org/index.php/Testing:_Spidering_and_googling
[2] https://www.owasp.org/index.php/Testing_for_Application_Discovery

Christian Heinrich
OWASP Individual Member
Sydney, Australia Chapter

More information about the Owasp-testing mailing list