Added redirect hostname discovery plugin with optional /etc/hosts update and duplicate checks in /etc/hosts

2025-06-13 00:48:26 +05:30 · 2025-06-13 00:48:26 +05:30 · 5ae8403a0e
parent 2e58fbcbd5
commit 5ae8403a0e
11 changed files with 77 additions and 39 deletions
--- a/autorecon/default-plugins/hostname-discovery.py
+++ b/autorecon/default-plugins/hostname-discovery.py
@ -1,39 +0,0 @@
-from autorecon.plugins import ServiceScan
-import requests
-from urllib.parse import urlparse
-import urllib3
-
-urllib3.disable_warnings()
-
-class RedirectHostnameDiscovery(ServiceScan):
-
-	def __init__(self):
-		super().__init__()
-		self.name = 'Redirect Hostname Discovery'
-		self.slug = 'redirect-host-discovery'
-		self.tags = ['default', 'http', 'quick']
-
-	def configure(self):
-		self.match_service_name('^http')
-		self.match_service_name('^nacn_http$', negative_match=True)
-
-	async def run(self, service):
-		try:
-			url = f"{'https' if service.secure else 'http'}://{service.target.address}:{service.port}/"
-			resp = requests.get(url, verify=False, allow_redirects=False)
-
-			if 'Location' in resp.headers:
-				location = resp.headers['Location']
-				parsed = urlparse(location)
-				redirect_host = parsed.hostname
-
-				if redirect_host:
-					service.info(f"[+] Redirect detected: {url} → {location}")
-					service.info(f"[+] Hostname found in redirect: {redirect_host}")
-				else:
-					service.info(f"[+] Redirect detected, but no hostname could be parsed: {location}")
-			else:
-				service.info(f"[-] No redirect detected at {url}")
-
-		except Exception as e:
-			service.error(f"[!] Error during redirect check on {service.target.address}:{service.port} — {e}")
--- a/autorecon/default-plugins/redirect-host-discovery.py
+++ b/autorecon/default-plugins/redirect-host-discovery.py
@ -0,0 +1,68 @@
+from autorecon.plugins import ServiceScan
+from urllib.parse import urlparse
+import requests
+import urllib3
+import os
+import ipaddress
+
+urllib3.disable_warnings()
+
+class RedirectHostnameDiscovery(ServiceScan):
+
+    def __init__(self):
+        super().__init__()
+        self.name = 'Redirect Hostname Discovery'
+        self.slug = 'redirect-host-discovery'
+        self.tags = ['default', 'http', 'quick']
+
+    def configure(self):
+        self.match_service_name('^http')
+        self.match_service_name('^nacn_http$', negative_match=True)
+        self.add_true_option(
+            'update-hosts',
+            help='If set, discovered redirect hostnames will be added to /etc/hosts with the target IP'
+        )
+
+    async def run(self, service):
+        try:
+            ipaddress.ip_address(service.target.address)
+        except ValueError:
+            return 
+
+        try:
+            url = f"{'https' if service.secure else 'http'}://{service.target.address}:{service.port}/"
+            resp = requests.get(url, verify=False, allow_redirects=False)
+
+            if 'Location' in resp.headers:
+                location = resp.headers['Location']
+                parsed = urlparse(location)
+                redirect_host = parsed.hostname
+
+                if redirect_host:
+                    service.info(f"[+] Redirect detected: {url} → {location}")
+                    service.info(f"[+] Hostname found in redirect: {redirect_host}")
+
+                    if self.get_option('update-hosts'):
+                        if os.geteuid() != 0:
+                            service.error("[!] --redirect-host-discovery.update-hosts requires root to modify /etc/hosts.")
+                            return
+
+                        ip = service.target.address
+                        hostname = redirect_host
+
+                        with open("/etc/hosts", "r") as hosts_file:
+                            for line in hosts_file:
+                                parts = line.strip().split()
+                                if len(parts) >= 2 and parts[0] == ip and hostname in parts[1:]:
+                                    return  # entry exists, skip writing
+
+                        with open("/etc/hosts", "a") as hosts_file:
+                            hosts_file.write(f"{ip} {hostname}\n")
+                        service.info(f"[+] Hostname {hostname} added to /etc/hosts with IP {ip}")
+                else:
+                    service.info(f"[+] Redirect detected, but no hostname found in: {location}")
+            else:
+                service.info(f"[-] No redirect detected at {url}")
+
+        except Exception as e:
+            service.error(f"[!] Error during redirect check on {service.target.address}:{service.port} — {e}")
--- a/ferox-http_10_10_11_68:80_-1749752072.state
+++ b/ferox-http_10_10_11_68:80_-1749752072.state
--- a/ferox-http_10_10_11_68:80_-1749754750.state
+++ b/ferox-http_10_10_11_68:80_-1749754750.state
@ -0,0 +1 @@
+{"scans":[],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","server_certs":[],"client_cert":"","client_key":"","target_url":"http://10.10.11.68:80/","status_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"replay_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/root/Desktop/AutoRecon/results/10.10.11.68/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.11.0","random_agent":false,"redirects":true,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"backup_extensions":["~",".bak",".bak2",".old",".1"],"collect_words":false,"force_recursion":false,"scan_dir_listings":false,"protocol":"https","limit_bars":0},"responses":[],"statistics":{"type":"statistics","timeouts":0,"requests":0,"expected_per_scan":0,"total_expected":0,"errors":0,"successes":0,"redirects":0,"client_errors":0,"server_errors":0,"total_scans":0,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":0,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":0,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0],"targets":["http://10.10.11.68:80/"]},"collected_extensions":[],"filters":[]}
--- a/ferox-http_10_10_11_68:80_-1749754869.state
+++ b/ferox-http_10_10_11_68:80_-1749754869.state
@ -0,0 +1 @@
+{"scans":[],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","server_certs":[],"client_cert":"","client_key":"","target_url":"http://10.10.11.68:80/","status_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"replay_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/root/Desktop/AutoRecon/results/10.10.11.68/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.11.0","random_agent":false,"redirects":true,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"backup_extensions":["~",".bak",".bak2",".old",".1"],"collect_words":false,"force_recursion":false,"scan_dir_listings":false,"protocol":"https","limit_bars":0},"responses":[],"statistics":{"type":"statistics","timeouts":0,"requests":0,"expected_per_scan":0,"total_expected":0,"errors":0,"successes":0,"redirects":0,"client_errors":0,"server_errors":0,"total_scans":0,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":0,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":0,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0],"targets":["http://10.10.11.68:80/"]},"collected_extensions":[],"filters":[]}
--- a/ferox-http_10_10_11_68:80_-1749754922.state
+++ b/ferox-http_10_10_11_68:80_-1749754922.state
--- a/ferox-http_10_10_11_68:80_-1749755197.state
+++ b/ferox-http_10_10_11_68:80_-1749755197.state
@ -0,0 +1 @@
+{"scans":[{"id":"957f7ae9ba7947279d42798d41933439","url":"http://10.10.11.68:80/","normalized_url":"http://10.10.11.68:80/","scan_type":"Directory","status":"Running","num_requests":833007,"requests_made_so_far":0}],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","server_certs":[],"client_cert":"","client_key":"","target_url":"http://10.10.11.68:80/","status_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"replay_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/root/Desktop/AutoRecon/results/10.10.11.68/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.11.0","random_agent":false,"redirects":true,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"backup_extensions":["~",".bak",".bak2",".old",".1"],"collect_words":false,"force_recursion":false,"scan_dir_listings":false,"protocol":"https","limit_bars":0},"responses":[],"statistics":{"type":"statistics","timeouts":0,"requests":45,"expected_per_scan":833007,"total_expected":833007,"errors":0,"successes":2,"redirects":0,"client_errors":43,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":2,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":0,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0],"targets":["http://10.10.11.68:80/"]},"collected_extensions":[],"filters":[{"content_length":162,"line_count":7,"word_count":12,"method":"GET","status_code":404,"dont_filter":false},{"hash":6058358551434275956,"original_url":"http://planning.htb/946d4fbb4be245a689b54aa693f671d2"}]}
--- a/ferox-http_planning_htb:80_-1749755085.state
+++ b/ferox-http_planning_htb:80_-1749755085.state
--- a/ferox-http_planning_htb:80_-1749755142.state
+++ b/ferox-http_planning_htb:80_-1749755142.state
--- a/ferox-http_planning_htb:80_-1749755399.state
+++ b/ferox-http_planning_htb:80_-1749755399.state
--- a/ferox-http_planning_htb:80_-1749755569.state
+++ b/ferox-http_planning_htb:80_-1749755569.state
				`@ -0,0 +1 @@`
				{"scans":[],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","server_certs":[],"client_cert":"","client_key":"","target_url":"http://10.10.11.68:80/","status_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"replay_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/root/Desktop/AutoRecon/results/10.10.11.68/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.11.0","random_agent":false,"redirects":true,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"backup_extensions":["~",".bak",".bak2",".old",".1"],"collect_words":false,"force_recursion":false,"scan_dir_listings":false,"protocol":"https","limit_bars":0},"responses":[],"statistics":{"type":"statistics","timeouts":0,"requests":0,"expected_per_scan":0,"total_expected":0,"errors":0,"successes":0,"redirects":0,"client_errors":0,"server_errors":0,"total_scans":0,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":0,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":0,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0],"targets":["http://10.10.11.68:80/"]},"collected_extensions":[],"filters":[]}
				`@ -0,0 +1 @@`
				{"scans":[{"id":"957f7ae9ba7947279d42798d41933439","url":"http://10.10.11.68:80/","normalized_url":"http://10.10.11.68:80/","scan_type":"Directory","status":"Running","num_requests":833007,"requests_made_so_far":0}],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","server_certs":[],"client_cert":"","client_key":"","target_url":"http://10.10.11.68:80/","status_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"replay_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/root/Desktop/AutoRecon/results/10.10.11.68/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.11.0","random_agent":false,"redirects":true,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"backup_extensions":["~",".bak",".bak2",".old",".1"],"collect_words":false,"force_recursion":false,"scan_dir_listings":false,"protocol":"https","limit_bars":0},"responses":[],"statistics":{"type":"statistics","timeouts":0,"requests":45,"expected_per_scan":833007,"total_expected":833007,"errors":0,"successes":2,"redirects":0,"client_errors":43,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":2,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":0,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0],"targets":["http://10.10.11.68:80/"]},"collected_extensions":[],"filters":[{"content_length":162,"line_count":7,"word_count":12,"method":"GET","status_code":404,"dont_filter":false},{"hash":6058358551434275956,"original_url":"http://planning.htb/946d4fbb4be245a689b54aa693f671d2"}]}