Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.
Different web servers may be hosted on name-based virtual hosts.
{"id": "ALTERNATE_HOSTNAMES.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Additional DNS Hostnames", "description": "Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.\n\nDifferent web servers may be hosted on name-based virtual hosts.", "published": "2010-04-29T00:00:00", "modified": "2020-06-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/46180", "reporter": "This script is Copyright (C) 2010-2020 Tenable Network Security, Inc.", "references": ["https://en.wikipedia.org/wiki/Virtual_hosting"], "cvelist": [], "immutableFields": [], "lastseen": "2021-08-19T13:04:32", "viewCount": 274, "enchantments": {"dependencies": {"references": []}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "nessus", "idList": ["WEBMIRROR.NASL"]}]}, "exploitation": null, "vulnersScore": -0.2}, "pluginID": "46180", "sourceData": "#TRUSTED 5354268f6ec25d04ac37a2aff77583c738f21e96c00e775a56e1f91a2fafdca499ff023b4486cb0b7fd1a53d77e5357c9ce9155c3043c6ec12abe3ab1c6f0d077703e26739d60c4df6dce594e1799c89e7508ae2f1a4f77225ccb3e51b81d2b7a8090669e70a48ed9ed41763940c50e6914f6b7ecf5c2da5dd387473f6559ecdce4940d6291c3efb682800b28adece635f12b5b16f2a1f5fb0c1a3d82cc812b4d49bd4560442ecf37d5702baba2b36ab9e3fa8750948d2b2c88cda8d4125ce286770850661df807c77aedc644148d68de92a6fdec6c8918e86899734187fe216e3d5c84ced4f6a2354f98dc6500b80d77bbb0ac4c96dace7c70bc950c7ba08ff300eb0eb284a9bf131ba70b5c162d79b30e0aa1636afbf3d298c39e9ec4e509103b7373ae10f1d1a1370cd96281f50e39f41d043e32e356fa76aff645794f9a9e9b5fa1621e71410f0891e255ac28a3aa33a618f7f13a71b9b1b11cc38b6322e2526c35e79d08afe2e2771ae2ed6022de3fe99b03be4fa052fdbbdbdf785f0f637aa3b8e9490b8310bb7f7b70f76839a2d2c5ccf7e833a12506ead180ae63fe032070863b23efba78758c71d8166d4037ec5bb8a570df53cd9d3502eeeda08422f8cf1fd7e212bd1f3aeef297e531b6ad6333bd7da9d2df8994256fc6dbbf03bda071aff3160b744cb69bce86a4c0f2c314ca35184fe0f9dcc9e4802546005d7\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# This plugin uses data collected by webmirror.nasl and others.\n\nif ( NASL_LEVEL < 4200 ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(46180);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_name(english:\"Additional DNS Hostnames\");\n script_summary(english:\"Reports all found vhosts.\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"Nessus has detected potential virtual hosts.\");\n script_set_attribute(attribute:\"description\", value:\n\"Hostnames different from the current hostname have been collected by\nmiscellaneous plugins. Nessus has generated a list of hostnames that\npoint to the remote host. Note that these are only the alternate\nhostnames for vhosts discovered on a web server.\n\nDifferent web servers may be hosted on name-based virtual hosts.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://en.wikipedia.org/wiki/Virtual_hosting\");\n script_set_attribute(attribute:\"solution\", value:\n\"If you want to test them, re-scan using the special vhost syntax,\nsuch as :\n\nwww.example.com[192.0.32.10]\");\n script_set_attribute(attribute:\"risk_factor\", value: \"None\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2020 Tenable Network Security, Inc.\");\n script_family(english:\"General\");\n script_dependencie(\"webmirror.nasl\", \"ssl_cert_CN_mismatch.nasl\", \"bind_hostname.nasl\", \"netbios_name_get.nasl\");\n script_require_keys(\"Services/www\");\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"resolv_func.inc\");\n\nglobal_var\tname, seen, tested, report, nb, domain;\n\nfunction test(h)\n{\n h = tolower(h);\n if (h != name && ! seen[h])\n {\n seen[h] = 1; tested ++;\n if (is_same_host(a: h))\n {\n report = strcat(report, ' - ', h, '\\n');\n set_kb_item(name:\"Host/alt_name\", value: h);\n nb ++;\n }\n }\n\n if (domain && \".\" >!< h)\n {\n h = h + domain;\n if (h != name && ! seen[h])\n {\n seen[h] = 1; tested ++;\n if (is_same_host(a: h))\n {\n report = strcat(report, ' - ', h, '\\n');\n set_kb_item(name:\"Host/alt_name\", value: h);\n nb ++;\n }\n }\n }\n}\n\nwww = get_kb_list(\"Services/www\");\nif ( isnull(www) ) exit(0, \"No web server was found.\");\n\nbegin = unixtime();\n\nname = get_host_name(); name = tolower(name);\nip = get_host_ip();\n\nreport = \"\"; n = 0; tested = 0;\nseen = make_array(name, 1, ip, 1);\n\nh = rand_str(); tested ++;\nif (is_same_host(a: h)) exit(1, \"The resolver is broken.\");\n\n# Hostnames found by the web crawler.\nl = get_kb_list(\"webmirror/*/hosts\");\nif (! isnull(l))\n foreach h (make_list(l))\n test(h: h);\n\n# Extract domain name (with a leading dot)\ndomain = NULL;\nif (name != ip)\n{\n v = eregmatch(string: name, pattern: \"^([^.]+)(\\..+\\.?)$\");\n if (! isnull(v))\n {\n domain = tolower(v[2]);\n h = rand_str(charset:\"abcdefghijklmnopqrstuvwxy\", length:6); tested ++;\n if (is_same_host(a: h + domain))\n {\n if (debug_level > 0) display(\"DNS wildcard on domain \"+domain);\n domain = NULL;\n }\n }\n}\n\n# BIND hostname, SMB name ...\nforeach k (make_list(\"bind/hostname\", \"SMB/name\"))\n{\n h = get_kb_item(k);\n if (! isnull(h)) test(h: h);\n}\n\n# CN from X509 certificates.\nnames = make_list();\nl = get_kb_list(\"X509/*/CN\");\nif (! isnull(l)) names = make_list(names, l);\nl = get_kb_list(\"X509/*/altName\");\nif (! isnull(l)) names = make_list(names, l);\nl = NULL;\n\nforeach h (names) test(h: h);\n\n# Banners from services.\nl = get_kb_list(\"*/banner/*\");\nif (! isnull(l))\n{\n l = make_list(l);\n foreach banner (l)\n {\n if (strlen(banner) > 200) continue;\n foreach line (split(banner, keep: 0))\n {\n while (line != \"\")\n {\n v = eregmatch(string: line, icase: 1, pattern: \"(^|[ :,;@])(([a-z_][a-z0-9_-]*)(\\.[a-z_][a-z0-9_-]*)*)(.*)\" );\n if (isnull(v)) break;\n\ttest(h: v[2]);\n\tline = v[5];\n }\n }\n }\n l = NULL;\n}\n\n# Brute force.\nif (domain)\n{\n now = unixtime();\n # Name resolutions take less than 1 s?\n if (now - begin <= tested)\n {\n l = make_list( \"smtp\", \"mta\", \"pop\", \"imap\", \"pop2\", \"pop3\", \n\"ads\", \"backend\", \"blog\", \"blogs\", \"bugs\", \"careers\", \n\"cgi\", \"commumity\", \"communities\", \"connect\", \"corporate\", \"developer\", \n\"docs\", \"download\", \"downloadcenter\", \"downloads\", \"forum\", \"global\", \n\"investor\", \"investors\", \"jobs\", \"list\", \"lists\", \"mail\", \"media\", \"my\", \n\"news\", \"press\", \"public\", \"remote\", \"remote-access\", \"research\", \"resources\",\n\"search\", \"services\", \"shopping\", \"software\", \"store\", \"stores\", \"support\", \n\"supportcentral\", \"video\", \"videos\", \"vpn\", \"vpnaccess\", \"webmail\", \"welcome\",\n\"www1\", \"www2\");\n foreach h (l)\n {\n h += domain;\n test(h: h);\n }\n l = NULL;\n }\n}\n\nif (nb == 0) exit(0, \"No new DNS hostname was found.\");\nreport = 'The following hostnames point to the remote host :\\n' + report;\nsecurity_note(port:0, extra:report);\nif (COMMAND_LINE) display(report, '\\n');\n", "naslFamily": "General", "cpe": [], "solution": "If you want to test them, re-scan using the special vhost syntax, such as :\n\nwww.example.com[192.0.32.10]", "nessusSeverity": "Info", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}