Today we’re releasing VHostScan (codingo/VHostScan on GitHub), a virtual host scanner that performs reverse lookups, can be used with pivot tools, detects catch-all scenarios, and works around wildcards, aliases and dynamic default pages.
This is an enumeration tool designed to help you quickly find virtual hosts even in situations where a catch-all default page has been set up with dynamic pages (such as the time on the page). Very open to pull requests, feature ideas, bug reports, new wordlists, etc. towards future releases. You can find me on Twitter at https://twitter.com/codingo_
Key Benefits
- Quickly highlight unique content in catch-all scenarios
- Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time)
- Identify aliases by tweaking the unique depth of matches
- Wordlist supports standard words and a variable to input a base hostname (e.g. dev.%s from the wordlist would be run as dev.BASE_HOST)
- Work over HTTP and HTTPS
- Ability to set the real port of the webserver to use in headers when pivoting through ssh/nc
- Add simple response headers to bypass some WAF products
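
Why a catch-all page with dynamic content defeats an exact-match comparison, and how a similarity threshold still isolates the one genuinely different virtual host. This is an added example, not VHostScan's own code. The difflib similarity measure, the 0.9 threshold, the function names, the hostnames and the response bodies are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

def expand(wordlist, base_host):
    """Substitute the base hostname for the %s variable; plain words pass through."""
    return [w.replace("%s", base_host) for w in wordlist]

def similarity(a, b):
    # autojunk disabled so long pages are compared character for character
    return SequenceMatcher(None, a, b, autojunk=False).ratio()

def exact_unique(responses):
    """Naive check: hosts whose body matches no other body byte for byte."""
    bodies = list(responses.values())
    return [h for h, b in responses.items() if bodies.count(b) == 1]

def find_outliers(responses, threshold=0.9):
    """Hosts whose body is not a near-copy of the most common (catch-all) page."""
    def near_copies(body):
        return sum(similarity(body, other) >= threshold
                   for other in responses.values())
    # The body with the most near-copies is taken as the catch-all baseline.
    baseline = max(responses.values(), key=near_copies)
    return [h for h, b in responses.items()
            if similarity(b, baseline) < threshold]

# Constructed sample: three hosts fall through to a catch-all page that embeds
# the current time, one host serves a real, different page.
CATCH_ALL = ("<html><body><h1>Welcome</h1>"
             "<p>Server time: 12:00:0{}</p></body></html>")
LOGIN = ('<html><body><form action="/login"><input name="user">'
         '<input name="pass" type="password"></form></body></html>')
HOSTS = expand(["dev.%s", "test.%s", "mail.%s", "admin.%s"], "example.test")
SAMPLE = {
    HOSTS[0]: CATCH_ALL.format(1),
    HOSTS[1]: CATCH_ALL.format(2),
    HOSTS[2]: CATCH_ALL.format(3),
    HOSTS[3]: LOGIN,
}

if __name__ == "__main__":
    print("exact match flags:", exact_unique(SAMPLE))   # every host looks unique
    print("similarity flags: ", find_outliers(SAMPLE))  # only the real vhost
```

Run against your own server's responses, the same comparison shows which hostnames serve content you did not expect to be reachable.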