Fixed issue and added feature (#241)

* feature update * Changed spaces to tabs. --------- Co-authored-by: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
2025-05-27 23:26:28 +05:30 · 2025-05-27 23:26:28 +05:30 · fd87c99abc
parent ee58c5c6a2
commit fd87c99abc
2 changed files with 56 additions and 3 deletions
--- a/autorecon/default-plugins/hostname-discovery.py
+++ b/autorecon/default-plugins/hostname-discovery.py
@ -0,0 +1,39 @@
+from autorecon.plugins import ServiceScan
+import requests
+from urllib.parse import urlparse
+import urllib3
+
+urllib3.disable_warnings()
+
+class RedirectHostnameDiscovery(ServiceScan):
+
+	def __init__(self):
+		super().__init__()
+		self.name = 'Redirect Hostname Discovery'
+		self.slug = 'redirect-host-discovery'
+		self.tags = ['default', 'http', 'quick']
+
+	def configure(self):
+		self.match_service_name('^http')
+		self.match_service_name('^nacn_http$', negative_match=True)
+
+	async def run(self, service):
+		try:
+			url = f"{'https' if service.secure else 'http'}://{service.target.address}:{service.port}/"
+			resp = requests.get(url, verify=False, allow_redirects=False)
+
+			if 'Location' in resp.headers:
+				location = resp.headers['Location']
+				parsed = urlparse(location)
+				redirect_host = parsed.hostname
+
+				if redirect_host:
+					service.info(f"[+] Redirect detected: {url} → {location}")
+					service.info(f"[+] Hostname found in redirect: {redirect_host}")
+				else:
+					service.info(f"[+] Redirect detected, but no hostname could be parsed: {location}")
+			else:
+				service.info(f"[-] No redirect detected at {url}")
+
+		except Exception as e:
+			service.error(f"[!] Error during redirect check on {service.target.address}:{service.port} — {e}")
--- a/autorecon/default-plugins/virtual-host-enumeration.py
+++ b/autorecon/default-plugins/virtual-host-enumeration.py
@ -1,6 +1,7 @@
 from autorecon.plugins import ServiceScan
 from shutil import which
 import os, requests, random, string, urllib3
+
 urllib3.disable_warnings()

 class VirtualHost(ServiceScan):
@ -31,9 +32,22 @@ class VirtualHost(ServiceScan):
 			for wordlist in self.get_option('wordlist'):
 				name = os.path.splitext(os.path.basename(wordlist))[0]
 				for hostname in hostnames:
-					wildcard = requests.get(('https' if service.secure else 'http') + '://' + service.target.address + ':' + str(service.port) + '/', headers={'Host':''.join(random.choice(string.ascii_letters) for i in range(20)) + '.' + hostname}, verify=False)
+					try:
+						wildcard = requests.get(
+							('https' if service.secure else 'http') + '://' + service.target.address + ':' + str(service.port) + '/',
+							headers={'Host': ''.join(random.choice(string.ascii_letters) for _ in range(20)) + '.' + hostname},
+							verify=False,
+							allow_redirects=False
+						)
+						size = str(len(wildcard.content))
+					except requests.exceptions.RequestException as e:
+						service.error(f"[!] Wildcard request failed for {hostname}: {e}")
+						continue

-					size = str(len(wildcard.content))
-					await service.execute('ffuf -u {http_scheme}://' + hostname + ':{port}/ -t ' + str(self.get_option('threads')) + ' -w ' + wordlist + ' -H "Host: FUZZ.' + hostname + '" -mc all -fs ' + size + ' -r -noninteractive -s | tee "{scandir}/{protocol}_{port}_{http_scheme}_' + hostname + '_vhosts_' + name + '.txt"')
+					await service.execute(
+						'ffuf -u {http_scheme}://' + hostname + ':{port}/ -t ' + str(self.get_option('threads')) +
+						' -w ' + wordlist + ' -H "Host: FUZZ.' + hostname + '" -mc all -fs ' + size +
+						' -r -noninteractive -s | tee "{scandir}/{protocol}_{port}_{http_scheme}_' + hostname + '_vhosts_' + name + '.txt"'
+					)
 		else:
 			service.info('The target was not a hostname, nor was a hostname provided as an option. Skipping virtual host enumeration.')