VHostScan: A virtual host scanner that can pivot, detect catch-all scenarios, and dynamic page data

Today we’re releasing VHostScan (GitHub: codingo/VHostScan): a virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

This is an enumeration tool designed to help you quickly find virtual hosts even in situations where a catch-all default page has been set up with dynamic pages (such as the time on the page). Very open to pull requests, feature ideas, bug reports, new wordlists, etc. towards future releases. You can find me on Twitter at https://twitter.com/codingo_

Key Benefits

  • Quickly highlight unique content in catch-all scenarios
  • Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time)
  • Identify aliases by tweaking the unique depth of matches
  • Wordlist supports standard words and a variable to input a base hostname (e.g. dev.%s from the wordlist would be run as dev.BASE_HOST)
  • Work over HTTP and HTTPS
  • Ability to set the real port of the webserver to use in headers when pivoting through ssh/nc
  • Add simple response headers to bypass some WAF products
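
The catch-all outlier idea and the `%s` wordlist variable from the list above, as an added example that is not part of the original post and is not VHostScan's own code. It assumes Python's `difflib` similarity with a 0.9 threshold, uses hypothetical function names, and runs only over constructed response bodies with no network requests.

```python
from difflib import SequenceMatcher

def expand_wordlist(words, base_host):
    """Entries containing %s get the base hostname; plain words pass through."""
    return [w.replace("%s", base_host) for w in words]

def similar(a, b):
    return SequenceMatcher(None, a, b, autojunk=False).ratio()

def split_catch_all(responses, threshold=0.9):
    """Cluster bodies by similarity; the largest cluster is treated as the
    catch-all page, every other host is an outlier worth reviewing.
    threshold is an assumed value, tune it for the server under audit."""
    clusters = []  # each item: (representative body, [hosts])
    for host, body in responses.items():
        for rep, hosts in clusters:
            if similar(rep, body) >= threshold:
                hosts.append(host)
                break
        else:
            clusters.append((body, [host]))
    clusters.sort(key=lambda c: len(c[1]), reverse=True)
    catch_all = sorted(clusters[0][1])
    outliers = sorted(h for _, hosts in clusters[1:] for h in hosts)
    return catch_all, outliers

# Constructed sample data: a default page that embeds the current time,
# plus one host that serves genuinely different content.
DEFAULT = "<html><body><h1>Welcome</h1><p>Server time: {}</p></body></html>"
SAMPLE = {
    "www.example.test": DEFAULT.format("12:00:01"),
    "mail.example.test": DEFAULT.format("12:00:02"),
    "test.example.test": DEFAULT.format("12:00:03"),
    "dev.example.test": "<html><body><h1>Staging</h1><form action='/login'>"
                        "<input name='user'></form></body></html>",
}

if __name__ == "__main__":
    print(expand_wordlist(["dev.%s", "admin"], "example.test"))
    # Exact comparison sees four different pages because of the timestamp.
    print("distinct bodies:", len(set(SAMPLE.values())))
    catch_all, outliers = split_catch_all(SAMPLE)
    print("catch-all:", catch_all)
    print("outliers:", outliers)
```

Run against responses collected from a server you administer, the outlier list points at virtual hosts that answer with their own content and should be checked against the intended inventory.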

Awesome job man, this will be super useful.

This has now been updated to do reverse lookups during a scan and add any findings to the wordlist… Quite valuable for bug bounty hunting!

Good job!

If you’re participating or would like to participate in Hacktoberfest and are looking for a project, I’m happy to mentor improvements on this. Feel free to ping me on Twitter @codingo_

I’m no longer on the chat since it moved to Mattermost, but you can also find me on a variety of Slack servers.