{"id":33289515,"url":"https://github.com/black5ugar/hostcollision","last_synced_at":"2026-03-04T04:02:47.760Z","repository":{"id":185755302,"uuid":"470468536","full_name":"black5ugar/HostCollision","owner":"black5ugar","description":"HostCollision(lightweight)/Host碰撞\\爆破(主打轻量)","archived":false,"fork":false,"pushed_at":"2025-11-17T20:00:41.000Z","size":1697,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-17T22:03:01.958Z","etag":null,"topics":["collision-detection","host","pentest","web"],"latest_commit_sha":null,"homepage":"https://blacksugar.top/posts/host_collision/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/black5ugar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-03-16T07:01:39.000Z","updated_at":"2025-11-17T20:33:09.000Z","dependencies_parsed_at":"2025-11-17T22:02:37.846Z","dependency_job_id":null,"html_url":"https://github.com/black5ugar/HostCollision","commit_stats":null,"previous_names":["black5ugar/hostcollision"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/black5ugar/HostCollision","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/black5ugar%2FHostCollision","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/black5ugar%2FHostCollision/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/black5ugar%2FHostCollision/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/black5ugar%2FHostCollision/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/black5ugar","download_url":"https://codeload.github.com/black5ugar/HostCollision/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/black5ugar%2FHostCollision/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30071670,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T03:25:38.285Z","status":"ssl_error","status_checked_at":"2026-03-04T03:25:05.086Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["collision-detection","host","pentest","web"],"created_at":"2025-11-17T22:01:18.983Z","updated_at":"2026-03-04T04:02:47.756Z","avatar_url":"https://github.com/black5ugar.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HostCollision\n\n[🇨🇳 中文版点此](#中文版说明)\n\nHostCollision is a high-performance tool for discovering virtual hosts by sending HTTP requests with customized `Host` headers to the same IP address.  \nIt is commonly used in penetration testing to detect websites behind reverse proxies, shared hosting, CDN environments, wildcard DNS, and misconfigured vhosts.\n\nThis version is a fully refactored and modularized implementation based on the original project.\n\n\n\n## ✨ Features\n\n- 🚀 **High-speed scanning** powered by goroutine worker pool  \n- 🧠 **Similarity detection** to filter out generic/wildcard/default pages  \n- 📝 **Real-time terminal logs** showing status code, duration, and similarity  \n- 📄 **CSV result output** for better data analysis  \n- ⚙️ **Configurable parameters** (threads, sleep, threshold, max hits per IP…)  \n- 🎨 **Beautiful CLI banner**\n\n\n\n## 📦 Installation\n\n```bash\ngo build -o hostcollision ./cmd/hostcollision  \n```\n\nOr download from release\n\n\n\n## 🧪 Example Usage\n\n```\n./hostcollision \\\n  -i ip.txt \\\n  -d host.txt \\\n  -o output.csv \\\n  -n 20 \\\n  -s 0 \\\n  -m 10 \\\n  -r 85\n```\n\n\n\n## 🗂 Command-line Options\n\n\n| Option | Description                                 |\n| ------ | ------------------------------------------- |\n| `-i`   | Path to IP list file (required)             |\n| `-d`   | Path to host dictionary file (required)     |\n| `-o`   | Output CSV file path (required)             |\n| `-n`   | Number of goroutines (default 20)           |\n| `-s`   | Sleep between requests in ms (default 1000) |\n| `-m`   | Max successful hosts per IP (default 50)    |\n| `-r`   | Similarity threshold (0–100, default 85)    |\n\n\n\n## 📤 Output\n\noutput.csv will contain:\n```\nip,host,status,length,similar\n127.0.0.1,www.example.com,200,7648,32\n```\n\n`ip`      – target IP address\n\n`host`    – tested Host header\n\n`status`  – HTTP status code\n\n`length`  – response body length (bytes)\n\n`similar` – similarity score (0–100) compared to baseline for that IP\n\n\n\n## 🧪 Minimal Local Test Setup\n\nThis is a simple way to verify the tool works end-to-end on your machine.\n\n1. **Create `ip.txt`**\n\n   ```\n   127.0.0.1\n   ```\n\n2. **Create** `host.txt`\n\t\n\t```\n\twww.aaa.com\n\twww.bbb.com\n\twww.ccc.com\n\t```\n\n3. **Run a simple HTTP server** (example)\n\n   You can write a small Go HTTP server that returns different content based on `r.Host`, or use any web server with multiple vhosts bound to `127.0.0.1 ` (provided in the testserver dirctory)\n\n4. **Start scanning**\n\n   ```\n   ./hostcollision -i ip.txt -d host.txt -o output.csv -n 3 -s 0 -m 10 -r 85\n   ```\n\n​\tYou will see real-time logs in the terminal and structured results in `output.csv`.\n\n\n\n## 📚 Project Structure\n\n```\ncmd/hostcollision        # Main entry point (CLI)\ninternal/app             # Application orchestration (read -\u003e scan -\u003e write)\ninternal/config          # CLI configuration parsing and validation\ninternal/scanner         # Core scanning logic (workers, HTTP, thresholds)\ninternal/similarity      # Similarity engine for response body comparison\ninternal/iohelper        # File reading/writing utilities\ninternal/banner          # CLI banner (version, author, GitHub)\n\n```\n\n\n\n## ⚠️ Legal \u0026 Ethical Disclaimer\n\nThis tool is intended **only for authorized security testing and research**.\n Do **not** use it against targets without explicit permission.\n You are solely responsible for complying with all applicable laws and regulations.\n\n\n\n# 中文版说明\n\n[🇬🇧 English version click here](#HostCollision)\n\nHostCollision 是一个通过自定义 `Host` 头，对目标 IP 进行批量请求，从而发现隐藏虚拟主机的高性能扫描工具。\n 常见使用场景包括：\n\n- 反向代理 / 共享主机环境中的站点枚举\n- CDN 场景下真实站点的探测\n- 泛解析 / 默认站点识别\n- Vhost 配置错误排查\n\n当前版本对原项目进行了重构，结构更加清晰、模块化，便于维护和扩展。\n\n\n\n## ✨ 功能特点\n\n- 🚀 **高并发扫描**：基于 goroutine 的 worker pool\n- 🧠 **响应相似度检测**：过滤统一错误页 / 默认页 / 泛解析内容\n- 📡 **终端实时日志**：显示 IP、Host、状态码、耗时、相似度、过滤原因\n- 📄 **CSV 结果输出**：带表头，方便后续用 Excel / 脚本分析\n- ⚙️ **可配置参数**：线程数、请求间隔、相似度阈值、每 IP 最大命中数等\n\n\n\n\n\n## 📦 安装方式\n\n```\ngo build -o hostcollision ./cmd/hostcollision\n```\n\n或者从 Release 页面下载已编译好的二进制文件.\n\n\n\n## 🧪 使用示例\n\n```\n./hostcollision \\\n  -i ip.txt \\\n  -d host.txt \\\n  -o output.csv \\\n  -n 20 \\\n  -s 1000 \\\n  -m 50 \\\n  -r 85\n\n```\n\n\n\n\n\n## 🗂 参数说明\n\n| 参数 | 说明                                                         |\n| ---- | ------------------------------------------------------------ |\n| `-i` | IP 列表文件路径（必选）                                      |\n| `-d` | Host 字典文件路径（必选）                                    |\n| `-o` | 输出 CSV 文件路径（必选）                                    |\n| `-n` | 并发 goroutine 数量（默认 `20`）                             |\n| `-s` | 每次请求间的 sleep（毫秒，默认 `1000`）                      |\n| `-m` | 单个 IP 最多保留的成功 Host 数（默认 `50`）                  |\n| `-r` | 相似度阈值（0–100，默认 `85`，大于等于该值认为“过于相似”而被过滤） |\n\n\n\n## 📤 输出说明\n\n结果文件为 CSV 格式，包含表头：\n\n```\nip,host,status,length,similar\n127.0.0.1,www.example.com,200,7648,32\n```\n\n字段含义：\n\n- `ip`      – 被扫描的 IP\n- `host`    – 请求使用的 Host 头\n- `status`  – HTTP 状态码\n- `length`  – 响应 Body 长度（字节）\n- `similar` – 与该 IP 基准响应的相似度（0–100）\n\n\n\n## 🧪 最小本地测试环境\n\n1. **准备 `ip.txt`**\n\n```\n127.0.0.1\n```\n\n2. **准备 `host.txt`**\n\n```\nwww.aaa.com\nwww.bbb.com\nwww.ccc.com\n```\n\n3. **启动本地 HTTP 服务** (可看testserver/目录)\n\n例如使用一个简单的 Go HTTP 服务，根据 `r.Host` 返回不同页面，或使用一个配置了多个 vhost 的 Web 服务器，均监听在 `127.0.0.1`。\n\n4. **执行扫描**\n\n```\n./hostcollision -i ip.txt -d host.txt -o output.csv -n 3 -s 0 -m 10 -r 85\n```\n\n终端可以看到实时日志，结果会以 CSV 形式写入 `output.csv`。\n\n\n\n## 📚 项目结构\n\n```\ncmd/hostcollision        # 程序入口（main）\ninternal/app             # 扫描流程编排：读入 -\u003e 扫描 -\u003e 写结果\ninternal/config          # 命令行参数解析与配置校验\ninternal/scanner         # 核心扫描逻辑（并发、HTTP、阈值控制）\ninternal/similarity      # 相似度计算模块\ninternal/iohelper        # 文件读写工具\ninternal/banner          # 终端 Banner 展示\n```\n\n\n\n## ⚠️ 法律与合规声明\n\n本工具仅供 **授权的安全测试与研究使用**。\n请勿在未获得明确授权的前提下，对任何目标使用本工具。\n使用本工具产生的一切后果由使用者自行承担。\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblack5ugar%2Fhostcollision","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblack5ugar%2Fhostcollision","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblack5ugar%2Fhostcollision/lists"}