VHosts

Search…

VHosts

Tools
1
# https://github.com/jobertabma/virtual-host-discovery
2
ruby scan.rb --ip=192.168.1.101 --host=domain.tld
3
​
4
# https://github.com/dariusztytko/vhosts-sieve
5
python3 vhosts-sieve.py -d domains.txt -o vhosts.txt
6
​
7
# Enum vhosts
8
fierce -dns example.com
9
​
10
# https://github.com/codingo/VHostScan
11
VHostScan -t example.com
Copied!
Techniques
1
# ffuf
2
badresponse=$(curl -s -H "host: totallynotexistsforsure.bugcrowd.com" https://bugcrowd.com | wc -c)
3
ffuf -u https://TARGET.com -H "Host: FUZZ.TARGET.com" -w werdlists/dns-hostnames/nmap-vhosts-all.txt -fs $badresponse
4
​
5
# Manual with subdomains list
6
for sub in $(cat subdomains.txt); do
7
			echo "$sub $(dig +short a $sub | tail -n1)" | anew -q subdomains_ips.txt
8
done
9
​
Copied!

IIS

Firebase

Last modified 1yr ago

Export as PDF

Copy link

Edit on GitHub

Contents

Tools

Techniques