Enterprise Recon 2.0.29

Websites

This section covers the following topics:

Set Up a Website as a Target Location

  1. From the New Search page, Add Targets.
  2. In the Select Target Type dialog box, select Server.
  3. In Enter New Target Hostname, enter the website domain name.
  4. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  5. Click Commit to add the Target.
  6. In the Select Types dialog box, select Websites.
  7. Under Websites section, select Website (http://) or SSL Website (https://).
  8. Fill in the fields as follows:

    Field Description
    (Optional) Path See Path Options table to understand the parameters available to configure a website scan.
    If Path field is left blank, only resources available at the Target website root directory will be scanned.
    (Optional) Credential Label Enter a descriptive label for the credential set.
    Only "Basic" HTTP authentication scheme credentials are supported.
    (Optional) Username Enter your user name.
    (Optional) Password Enter your password.
    Agent to act as proxy host The host name of the machine on which the Proxy Agent resides on. This selected Proxy Agent will be used to scan the website.
  9. Click +Add customised.

Path Options

The following options can be defined in the Path field to setup a website Target scan:

Options Description
<folder>

Scan a specific directory on the website domain.

If <folder> is not defined in the Path field, only resources available at the Target website root directory will be scanned.

(port=<port>)

Define a custom port for the Proxy Agent to establish a connection with the server hosting the Target website.

If the Target website is hosted on a port other than the standard HTTP (80) or HTTPS (443) ports, the port option must be specified.

(depth=<depth>)

Specify the address of the HTTP proxy server.

If the Proxy Agent has to connect to the Target website via a HTTP proxy server, the proxy option must be specified.

(proxy=<proxy>)

Specify the address of the HTTP proxy server.

If the Proxy Agent has to connect to the Target website via a HTTP proxy server, the proxy option must be specified.

The examples below describe the different scan scenarios based on the value in the Path field for a Target website hosted at http://www.example.com.

  1. folder1(depth=2)(port=8080)
    Proxy Agent will receive instructions to scan the resources available in the following directories on port 8080:
    • www.example.com:8080/folder1/*
    • www.example.com:8080/folder1/folder2a/*
    • www.example.com:8080/folder1/folder2a/folder3a/*
    • www.example.com:8080/folder1/folder2b/*
    • www.example.com:8080/folder1/folder2b/folder3b*
  2. (proxy=proxy.example.com) No folder or depth is defined. Proxy Agent will receive instructions to scan only the resources available in the root directory through the proxy server proxy.example.com:
    • www.example.com/*

Sub-domains

Sub-domains are considered individual Targets, therefore each sub-domain must be licensed and scanned separately from apex domains.

Three separate licenses are required to scan the Targets below:
  • www.example.com
  • example.com
  • subdomain.example.com