{"id":39860373,"url":"https://github.com/shriyanss/vhost-master","last_synced_at":"2026-01-18T13:58:26.243Z","repository":{"id":218247042,"uuid":"745950378","full_name":"shriyanss/vhost-master","owner":"shriyanss","description":"Command line utility to hunt for Virtual Hosts","archived":false,"fork":false,"pushed_at":"2024-02-01T12:42:24.000Z","size":63,"stargazers_count":3,"open_issues_count":10,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-13T06:39:12.914Z","etag":null,"topics":["bugbounty","bughunting","cybersecurity","infosec","webappsecurity"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/vhost-master/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shriyanss.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-01-20T16:34:13.000Z","updated_at":"2024-03-08T02:55:03.000Z","dependencies_parsed_at":"2024-01-20T18:23:40.819Z","dependency_job_id":"57dd9a56-837b-43a9-b529-67f30a3e396a","html_url":"https://github.com/shriyanss/vhost-master","commit_stats":null,"previous_names":["shriyanss/vhost-master"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/shriyanss/vhost-master","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shriyanss%2Fvhost-master","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shriyanss%2Fvhost-master/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shriyanss%2Fvhost-master/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shriyanss%2Fvhost-master/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shriyanss","download_url":"https://codeload.github.com/shriyanss/vhost-master/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shriyanss%2Fvhost-master/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28537482,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T13:04:05.990Z","status":"ssl_error","status_checked_at":"2026-01-18T13:01:44.092Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bughunting","cybersecurity","infosec","webappsecurity"],"created_at":"2026-01-18T13:58:25.643Z","updated_at":"2026-01-18T13:58:26.220Z","avatar_url":"https://github.com/shriyanss.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# vhost_master v0.0.4\nCommand line utility to hunt for Virtual Hosts\n\n## Table of contents\n- [Features](#features)\n- [Installation](#installation)\n    - [Using `pip` (recommeded)](#using-pip-recommeded)\n    - [Manually using source](#manually-using-source)\n    - [Use without installation](#use-without-installation)\n- [Upgrade the tool](#upgrade-the-tool)\n- [Usage](#usage)\n- [Examples](#examples)\n- [Social Links](#social-links)\n\n## Features\n1. Get the list of IP addresses having different hostnames (*v0.0.1 onwards*)\n1. Bruteforce VHosts as per user specified input (*v0.0.3 onwards*)\n\n**Upcoming features:-**\n1. Generate output (plain text, JSON, html)\n1. Generate wordlists\n1. Analyze responses to make bruteforcing VHosts easier\n\nOther features requested can be found on the [issues tab](https://github.com/shriyanss/vhost-master/issues?q=is%3Aopen+is%3Aissue+label%3Aenhancement)\n\n## Installation\nThe tool can be installed with the following command:-\n\n### Using `pip` (recommeded)\nYou can install this tool by simply running the following command:-\n```\npip3 install vhost-master\n```\n\nOR\n```\npython3 -m pip install vhost-master\n```\n\n**NOTE: If you are using Mac OS, consider installing it with sudo (tested with `macOS Sonoma`)**\n\n### Manually using source\nDownload and extract files from one of the releases from https://github.com/shriyanss/vhost-master/releases. Then,\n\n\n**Install for current user:-**\n```\npython3 setup.py install --user\n```\n\n**Install for all users:-**\n```\nsudo python3 setup.py install\n```\n\n### Use without installation\nIf you want to use the script without installing the tool, you can execute `vhost_master-runner.py`. E.g.\n```\ncat subdomains.txt | python3 vhost_master-runner.py\n```\n\nAll the options remains the same\n\n\u003c!-- **NOTE: If you install directly from `git clone`, you might encounter some errors. So, consider installing from [releases](https://github.com/shriyanss/vhost-master/releases) instead** --\u003e\n\n## Upgrade the tool\nIf you see a message that says that the tool is outdated, you can simply upgrade it using `pip`:-\n```\npip3 install vhost-master --upgrade\n```\n\n## Usage\n```\nUsage: cat subdomains.txt | vhost_master\n```\n\n```\nusage: vhost_master-runner.py [-h] [--resolver-runs RESOLVER_RUNS] [-s] [--discover-vhost DISCOVER_VHOST] [-b] [--skip-resolve] [-d DOMAIN] [-c CONDITIONS]\n                              [-w WORDLIST] [--absolute-wordlist] [-t THREADS] [-p PROTOCOL] [--force-all-ports]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --resolver-runs RESOLVER_RUNS\n                        Number of times to run the resolver to increase the accuracy of the output (default=10)\n  -s, --silent          Silent mode (boolean flag)\n  --discover-vhost DISCOVER_VHOST\n                        Discover which IP address has the given VHost\n  -b, --bruteforce      Bruteforce using the given wordlist\n  --skip-resolve        Skip resolving IP addresses. Rather, use file parsed from pipe as IP address list (should be used with -b/--bruteforce) (-d/--domain\n                        required)\n  -d DOMAIN, --domain DOMAIN\n                        Target domain (required with --skip-resolve)\n  -c CONDITIONS, --conditions CONDITIONS\n                        Conditions to consider if a valid VHost exists. See https://github.com/shriyanss/vhost-master/match_conditions.md\n  -w WORDLIST, --wordlist WORDLIST\n                        Wordlist to use (required with -b/--bruteforce)\n  --absolute-wordlist   Absolute values given in the wordlist\n  -t THREADS, --threads THREADS\n                        Number of threads (default=30)\n  -p PROTOCOL, --protocol PROTOCOL\n                        Protocol to use (default=\"http:80,https:443\")\n  --force-all-ports     If both http:80 \u0026 https:443 are open, tool will skip http:80 and show results for https:443. Use this flag to disable it\n```\n\n## Examples\nSuppose you have a list of subdomains and you want to get the IP addresses, on which VHost fuzzing can be done. Assuming the subdomains file to be `subdomains.txt`, you'll run the following command:-\n```\ncat subdomains.txt | vhost_master\n```\n\nIf you just want to print IP addresses and not other messages, you can use the following command:-\n```\ncat subdomains.txt | vhost_master -s\n```\n\nIf you want to bruteforce with a wordlist, and filter status codes 404 and 400, here's an example:-\n```\ncat subdomains.txt | vhost_master -b -w wordlist.txt --conditions \"status!=404,status!=400\"\n```\n\nIn this example, if both port 80 and 443 are open, tool will skip port 80 and just scan 443. To scan both ports, use the flag `--force-all-ports`\n```\ncat subdomains.txt | vhost_master -b -w wordlist.txt --conditions \"status!=404,status!=400\" --force-all-ports\n```\n\nIf you want to discover which IP address has a given VHost, use the flag `--discover-vhost DISCOVER_VHOST`. E.g.\n```\ncat subdomains.txt | vhost_master --discover-vhost admin.target.com\n```\n\n## Social Links\nIf you liked this tool, please consider following me ;)\n- X (Formerly Twitter): [@ss0x00](https://twitter.com/ss0x00)\n- LinkedIn: [@shriyans-sudhi](https://www.linkedin.com/in/shriyans-sudhi/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshriyanss%2Fvhost-master","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshriyanss%2Fvhost-master","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshriyanss%2Fvhost-master/lists"}