This plugin finds misconfigurations in the virtual host settings by sending a specially crafted request with a trailing dot in the domain name. For example, if the input for this plugin is http://host.tld/ , the plugin will perform a request to http://host.tld./ . In some misconfigurations, the attacker is able to read the web application source code by requesting any of the files in the “dotted” domain like this:
This plugin doesn’t have any user configured options.
This plugin has no dependencies.