FortyNorthSecurity
I keep getting the error: "Message: Invalid Host header localhost:..."
Hi, I thought I had fixed the issue in my last post but actually no. So here's my situation, I downloaded EyeWitness on my arch linux computer with the following commands:
git clone https://github.com/RedSiege/EyeWitness.git
uv venv --python 3.13
source .venv/bin/activate
cd EyeWitness/Python/setup
uv pip install -r requirements.txt
I indicate the correct python interpreter for all the python files:
cd ../
nano *.py
By replacing the shebang with:
#!/home/dvr/tools/EyeWitness/Python/.venv/bin/python3
I check that everything works with:
./EyeWitness.py -help
And it works fine. I then want to enumerate websites with the following subdomains.txt file like:
blog.inlanefreight.local
careers.inlanefreight.local
dev.inlanefreight.local
...
And I check that I can indeed reach these urls:
╭─ ~/Desktop/AEN2/web_research 17:46:18
╰─❯ curl -s -I http://blog.inlanefreight.local/
HTTP/1.1 200 OK
Date: Thu, 17 Apr 2025 15:47:10 GMT
Server: Apache/2.4.53 (Debian)
X-Powered-By: PHP/8.0.19
Cache-Control: must-revalidate, no-cache, private
X-Drupal-Dynamic-Cache: MISS
X-UA-Compatible: IE=edge
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Permissions-Policy: interest-cohort=()
Expires: Sun, 19 Nov 1978 05:00:00 GMT
X-Generator: Drupal 9 (https://www.drupal.org)
X-Drupal-Cache: HIT
Content-Type: text/html; charset=UTF-8
Via: 1.1 blog.inlanefreight.local
╭─ ~/Desktop/AEN2/web_research 17:47:13
╰─❯ curl -s -I http://dev.inlanefreight.local/
HTTP/1.1 200 OK
Date: Thu, 17 Apr 2025 15:47:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Via: 1.1 dev.inlanefreight.local
╭─ ~/Desktop/AEN2/web_research 17:47:24
╰─❯ curl -s -I http://careers.inlanefreight.local/
HTTP/1.1 200 OK
Date: Thu, 17 Apr 2025 15:47:30 GMT
Server: Werkzeug/2.1.2 Python/3.8.13
Content-Type: text/html; charset=utf-8
Content-Length: 51806
Via: 1.1 careers.inlanefreight.local
As you can see these URLs can be reached correctly, I get 200 responses. Now let's try to launch EyeWitness:
~/tools/EyeWitness/Python/EyeWitness.py -f subdomains.txt -d eyewitness_report
And I get the following output:
################################################################################
# EyeWitness #
################################################################################
# Red Siege Information Security - https://www.redsiege.com #
################################################################################
Starting Web Requests (10 Hosts)
Message: Invalid Host header localhost:60779
Message: Invalid Host header localhost:45027
Message: Invalid Host header localhost:37841
Message: Invalid Host header localhost:48379
Message: Invalid Host header localhost:47711
Message: Invalid Host header localhost:35231
Message: Invalid Host header localhost:41165
Message: Invalid Host header localhost:40303
Message: Invalid Host header localhost:57337
Message: Invalid Host header localhost:46867
Finished in 13.85072922706604 seconds
[*] No report files found to open, perhaps no hosts were successful
Does anybody know how to fix or even troubleshoot this?
If the subdomain file contains domain names, do you have any idea where the localhost and port have come from?
On Thu, 17 Apr 2025, 16:52 Dave Real, @.***> wrote:
Hi, I thought I had fixed the issue in my last post but actually no. So here's my situation, I downloaded EyeWitness on my arch linux computer with the following commands:
git clone https://github.com/RedSiege/EyeWitness.git uv venv --python 3.13 source .venv/bin/activate cd EyeWitness/Python/setup uv pip install -r requirements.txt
I check that everything works with:
cd ../ ./EyeWitness.py -help
And it works fine. I then want to enumerate websites with the following subdomains.txt file like:
blog.inlanefreight.local careers.inlanefreight.local dev.inlanefreight.local ...
And I check that I can indeed reach these urls:
╭─ ~/Desktop/AEN2/web_research 17:46:18 ╰─❯ curl -s -I http://blog.inlanefreight.local/ HTTP/1.1 200 OK Date: Thu, 17 Apr 2025 15:47:10 GMT Server: Apache/2.4.53 (Debian) X-Powered-By: PHP/8.0.19 Cache-Control: must-revalidate, no-cache, private X-Drupal-Dynamic-Cache: MISS X-UA-Compatible: IE=edge Content-language: en X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: interest-cohort=() Expires: Sun, 19 Nov 1978 05:00:00 GMT X-Generator: Drupal 9 (https://www.drupal.org) X-Drupal-Cache: HIT Content-Type: text/html; charset=UTF-8 Via: 1.1 blog.inlanefreight.local
╭─ ~/Desktop/AEN2/web_research 17:47:13 ╰─❯ curl -s -I http://dev.inlanefreight.local/ HTTP/1.1 200 OK Date: Thu, 17 Apr 2025 15:47:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Type: text/html; charset=UTF-8 Via: 1.1 dev.inlanefreight.local
╭─ ~/Desktop/AEN2/web_research 17:47:24 ╰─❯ curl -s -I http://careers.inlanefreight.local/ HTTP/1.1 http://careers.inlanefreight.local/HTTP/1.1 200 OK Date: Thu, 17 Apr 2025 15:47:30 GMT Server: Werkzeug/2.1.2 Python/3.8.13 Content-Type: text/html; charset=utf-8 Content-Length: 51806 Via: 1.1 careers.inlanefreight.local
As you can see these URLs can be reached correctly, I get 200 responses. Now let's try to launch EyeWitness:
~/tools/EyeWitness/Python/EyeWitness.py -f subdomains.txt -d eyewitness_report
And I get the following output:
################################################################################
EyeWitness
################################################################################
Red Siege Information Security - https://www.redsiege.com
################################################################################
Starting Web Requests (10 Hosts) Message: Invalid Host header localhost:60779
Message: Invalid Host header localhost:45027
Message: Invalid Host header localhost:37841
Message: Invalid Host header localhost:48379
Message: Invalid Host header localhost:47711
Message: Invalid Host header localhost:35231
Message: Invalid Host header localhost:41165
Message: Invalid Host header localhost:40303
Message: Invalid Host header localhost:57337
Message: Invalid Host header localhost:46867
Finished in 13.85072922706604 seconds [*] No report files found to open, perhaps no hosts were successful
Does anybody know how to fix or even troubleshoot this?
— Reply to this email directly, view it on GitHub https://github.com/RedSiege/EyeWitness/issues/700, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4SWMQP4HCGZZUEMEIOF32Z7E2JAVCNFSM6AAAAAB3LHFS4WVHI2DSMVQWIX3LMV43ASLTON2WKOZTGAYDEOBYGA2TAMI . You are receiving this because you are subscribed to this thread.Message ID: @.***> dave38R created an issue (RedSiege/EyeWitness#700) https://github.com/RedSiege/EyeWitness/issues/700
Hi, I thought I had fixed the issue in my last post but actually no. So here's my situation, I downloaded EyeWitness on my arch linux computer with the following commands:
git clone https://github.com/RedSiege/EyeWitness.git uv venv --python 3.13 source .venv/bin/activate cd EyeWitness/Python/setup uv pip install -r requirements.txt
I check that everything works with:
cd ../ ./EyeWitness.py -help
And it works fine. I then want to enumerate websites with the following subdomains.txt file like:
blog.inlanefreight.local careers.inlanefreight.local dev.inlanefreight.local ...
And I check that I can indeed reach these urls:
╭─ ~/Desktop/AEN2/web_research 17:46:18 ╰─❯ curl -s -I http://blog.inlanefreight.local/ HTTP/1.1 200 OK Date: Thu, 17 Apr 2025 15:47:10 GMT Server: Apache/2.4.53 (Debian) X-Powered-By: PHP/8.0.19 Cache-Control: must-revalidate, no-cache, private X-Drupal-Dynamic-Cache: MISS X-UA-Compatible: IE=edge Content-language: en X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Permissions-Policy: interest-cohort=() Expires: Sun, 19 Nov 1978 05:00:00 GMT X-Generator: Drupal 9 (https://www.drupal.org) X-Drupal-Cache: HIT Content-Type: text/html; charset=UTF-8 Via: 1.1 blog.inlanefreight.local
╭─ ~/Desktop/AEN2/web_research 17:47:13 ╰─❯ curl -s -I http://dev.inlanefreight.local/ HTTP/1.1 200 OK Date: Thu, 17 Apr 2025 15:47:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Type: text/html; charset=UTF-8 Via: 1.1 dev.inlanefreight.local
╭─ ~/Desktop/AEN2/web_research 17:47:24 ╰─❯ curl -s -I http://careers.inlanefreight.local/ HTTP/1.1 http://careers.inlanefreight.local/HTTP/1.1 200 OK Date: Thu, 17 Apr 2025 15:47:30 GMT Server: Werkzeug/2.1.2 Python/3.8.13 Content-Type: text/html; charset=utf-8 Content-Length: 51806 Via: 1.1 careers.inlanefreight.local
As you can see these URLs can be reached correctly, I get 200 responses. Now let's try to launch EyeWitness:
~/tools/EyeWitness/Python/EyeWitness.py -f subdomains.txt -d eyewitness_report
And I get the following output:
################################################################################
EyeWitness
################################################################################
Red Siege Information Security - https://www.redsiege.com
################################################################################
Starting Web Requests (10 Hosts) Message: Invalid Host header localhost:60779
Message: Invalid Host header localhost:45027
Message: Invalid Host header localhost:37841
Message: Invalid Host header localhost:48379
Message: Invalid Host header localhost:47711
Message: Invalid Host header localhost:35231
Message: Invalid Host header localhost:41165
Message: Invalid Host header localhost:40303
Message: Invalid Host header localhost:57337
Message: Invalid Host header localhost:46867
Finished in 13.85072922706604 seconds [*] No report files found to open, perhaps no hosts were successful
Does anybody know how to fix or even troubleshoot this?
— Reply to this email directly, view it on GitHub https://github.com/RedSiege/EyeWitness/issues/700, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4SWMQP4HCGZZUEMEIOF32Z7E2JAVCNFSM6AAAAAB3LHFS4WVHI2DSMVQWIX3LMV43ASLTON2WKOZTGAYDEOBYGA2TAMI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
If the subdomain file contains domain names, do you have any idea where the localhost and port have come from?
Hello, No clearly I do not understand where these things come from. I ran nstat during the execution and I saw that the ports were used momentarily just for the request. I also tried passing the requests through zaproxy with the options: --proxy-ip 127.0.0.1 --proxy-port 8080 --proxy-type http but it didn't work for some reason.
Do you have the latest geckodriver installed? Is this run headlessly? Does Firefox work on your system?
Do you have the latest geckodriver installed? Is this run headlessly? Does Firefox work on your system?
I do think I have the latest version of geckodriver installed:
❯ geckodriver --version
geckodriver 0.36.0 (a3d508507022 2025-02-24 15:57 +0000)
I'll admit I'm a little unsure of the terms here, but I do think that I am running eyewitness headlessly yes, since no browser window opens...
Firefox does work on my system, I've been using nothing else since I set it up.
❯ firefox --version
Mozilla Firefox 137.0.2
I would also like to say that I tried to debug this whole thing with a proxy. The problem is that the eyewitness requests won't even go through my proxy:
❯ curl -x http://127.0.0.1:8080 -s -I http://dev.inlanefreight.local/
HTTP/1.1 200 OK
Date: Thu, 24 Apr 2025 12:41:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Via: 1.1 dev.inlanefreight.local
❯ eyewitness --web --single http://dev.inlanefreight.local -d eyewitness_report --proxy-ip 127.0.0.1 --proxy-port 8080 --proxy-type http --timeout 120 --no-clear
Directory Exists! Do you want to overwrite? [y/n] y
################################################################################
# EyeWitness #
################################################################################
# Red Siege Information Security - https://www.redsiege.com #
################################################################################
Message: Invalid Host header localhost:45347
Here's a screenshot of my proxy window:
New headless stuff in place. Marking this as fixed in 6634ff2234794283a3a091c719f7f156dfe67609. Let me know if we should reopen this.
