{"id":18926026,"url":"https://github.com/sweetsoftware/vhostmap","last_synced_at":"2025-07-06T03:06:40.843Z","repository":{"id":37395181,"uuid":"457027787","full_name":"sweetsoftware/vhostmap","owner":"sweetsoftware","description":"Find virtual hosts (vhosts) from IP addresses and hostnames","archived":false,"fork":false,"pushed_at":"2022-02-09T10:22:09.000Z","size":7,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-15T15:52:54.120Z","etag":null,"topics":["bug-bounty","bugbounty","bugbounty-tool","hostmapper","hostnames","ip","osint","penetration-testing","python3","recon","reconnaissance","vhost","vhosts","virtual-hosts"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sweetsoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-08T17:08:09.000Z","updated_at":"2024-08-06T01:34:24.000Z","dependencies_parsed_at":"2022-09-04T15:04:32.888Z","dependency_job_id":null,"html_url":"https://github.com/sweetsoftware/vhostmap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sweetsoftware/vhostmap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sweetsoftware%2Fvhostmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sweetsoftware%2Fvhostmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sweetsoftware%2Fvhostmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sweetsoftware%2Fvhostmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sweetsoftware","download_url":"https://codeload.github.com/sweetsoftware/vhostmap/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sweetsoftware%2Fvhostmap/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263841614,"owners_count":23518487,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bugbounty","bugbounty-tool","hostmapper","hostnames","ip","osint","penetration-testing","python3","recon","reconnaissance","vhost","vhosts","virtual-hosts"],"created_at":"2024-11-08T11:14:16.861Z","updated_at":"2025-07-06T03:06:40.817Z","avatar_url":"https://github.com/sweetsoftware.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Features\r\n\r\nEnumerate vhosts from a list of IP addresses and domain names.\r\n\r\nVirtual Hosts are enumerated using the following process:\r\n\r\n* Supplied domains are resolved (all IPv4 and IPv6 addresses are added to scope)\r\n* All IP addresses are scanned for HTTP(S) services (using a default port list, see help)\r\n* Query external APIs (rapiddns) if enabled via --apis to find vhosts from IP or subdomains from domain\r\n* For all HTTP services, find vhosts using these techniques :\r\n    * TLS certificate parsing (for hosts with TLS service running)\r\n        * CertCN\r\n        * AltNames\r\n    * HTTP headers parsing (for detected HTTP services)\r\n        * Location header\r\n        * Access-Control-Allow-Origin header\r\n        * Content-Security-Policy header\r\n    * JavaScript redirect (\\*.location=) when contains absolute URL\r\n* The whole process is repeated N times (--recursion-depth, default 2) on newfound IP addresses and hostnames. Increasing recursion depth will enumerate more hosts but may go out of scope.\r\n\r\n\r\n# Install\r\n\r\n```\r\npip3 install -r requirements.txt\r\n```\r\n\r\n# Quick usage\r\n\r\ntargets.txt contains a newline-separated list of hostnames, ip addresses and CIDRS\r\n\r\n```\r\n$ cat targets.txt \r\naccounts.coinbase.com\r\napi.coinbase.com\r\napi.custody.coinbase.com\r\napi.exchange.coinbase.com\r\napi.pro.coinbase.com\r\napi-public.sandbox.pro.coinbase.com\r\napi.wallet.coinbase.com\r\napp.analytics.coinbase.com\r\nassethub-api.coinbase.com\r\nassets.coinbase.com\r\nassets-test.coinbase.com\r\nbeta.coinbase.com\r\nbilling-systems.coinbase.com\r\nblockchain.wallet.coinbase.com\r\nblog.coinbase.com\r\nbraintree-webhooks.coinbase.com\r\nbuy.coinbase.com\r\ncard.coinbase.com\r\ncloud.coinbase.com\r\ncommunity.coinbase.com\r\n...\r\n```\r\n\r\nSimple usage:\r\n```\r\n# ./vhostmap.py -t targets.txt \r\n################################################################################\r\n# PASS 1\r\n# IP to process: 0\r\n# Hostnames to process: 70\r\n################################################################################\r\n[A] developer.coinbase.com 104.18.7.10\r\n[A] developer.coinbase.com 104.18.6.10\r\n[A] api.coinbase.com 104.18.7.10\r\n[A] api.coinbase.com 104.18.6.10\r\n[A] status.prime.coinbase.com 104.18.12.68\r\n[A] status.prime.coinbase.com 104.18.13.68\r\n[A] assethub-api.coinbase.com 104.18.7.10\r\n[A] assethub-api.coinbase.com 104.18.6.10\r\n[A] published-assets.coinbase.com 13.249.15.64\r\n[A] published-assets.coinbase.com 13.249.15.5\r\n[A] published-assets.coinbase.com 13.249.15.121\r\n\r\n[...]\r\n\r\n################################################################################\r\n# PASS 2\r\n# IP to process: 129\r\n# Hostnames to process: 0\r\n################################################################################\r\n[HTTPService] 104.18.31.151 http://104.18.31.151:80\r\n[HTTPService] 104.18.15.237 http://104.18.15.237:80\r\n[HTTPService] 104.18.20.159 http://104.18.20.159:80\r\n[HTTPService] 162.159.152.4 http://162.159.152.4:80\r\n[CertCN] https://104.18.105.40:8443 billing-systems.coinbase.com\r\n[CertAltName] https://104.18.105.40:8443 billing-systems.coinbase.com\r\n[HTTPService] 104.18.105.40 https://104.18.105.40:443\r\n[CertCN] https://104.18.105.40:443 billing-systems.coinbase.com\r\n[CertAltName] https://104.18.105.40:443 billing-systems.coinbase.com\r\n[HTTPService] 143.204.226.63 http://143.204.226.63:80\r\n[HTTPService] 104.18.8.157 http://104.18.8.157:80\r\n[HTTPService] 143.204.51.121 http://143.204.51.121:80\r\n[HTTPService] 143.204.51.77 http://143.204.51.77:80\r\n[HTTPService] 13.249.15.5 http://13.249.15.5:80\r\n\r\n[...]\r\n\r\nRESULTS\r\n=========\r\n104.18.6.10 assets-test.coinbase.com translations.coinbase.com sessions.coinbase.com assets.coinbase.com login.coinbase.com assethub-api.coinbase.com www42.coinbase.com graphql.coinbase.com widget.coinbase.com listing.coinbase.com api.coinbase.com braintree-webhooks.coinbase.com sourcemaps.coinbase.com developer.coinbase.com learn.coinbase.com support-dev.coinbase.com status.coinbase.com images.coinbase.com buy.coinbase.com events-service.coinbase.com www.coinbase.com support.coinbase.com cloud.coinbase.com jobs.coinbase.com taxforms.coinbase.com community.coinbase.com static.coinbase.com prime-brokerage.coinbase.com beta.coinbase.com ws.coinbase.com dev.coinbase.com pay.coinbase.com emails.coinbase.com\r\n2606:4700::6812:60a assets-test.coinbase.com translations.coinbase.com sessions.coinbase.com assets.coinbase.com login.coinbase.com assethub-api.coinbase.com www42.coinbase.com graphql.coinbase.com widget.coinbase.com listing.coinbase.com api.coinbase.com braintree-webhooks.coinbase.com sourcemaps.coinbase.com developer.coinbase.com learn.coinbase.com support-dev.coinbase.com status.coinbase.com images.coinbase.com buy.coinbase.com events-service.coinbase.com www.coinbase.com support.coinbase.com cloud.coinbase.com jobs.coinbase.com taxforms.coinbase.com community.coinbase.com static.coinbase.com prime-brokerage.coinbase.com beta.coinbase.com ws.coinbase.com dev.coinbase.com pay.coinbase.com emails.coinbase.com\r\n104.18.7.10 assets-test.coinbase.com translations.coinbase.com sessions.coinbase.com assets.coinbase.com login.coinbase.com assethub-api.coinbase.com www42.coinbase.com graphql.coinbase.com widget.coinbase.com listing.coinbase.com api.coinbase.com braintree-webhooks.coinbase.com sourcemaps.coinbase.com developer.coinbase.com learn.coinbase.com support-dev.coinbase.com status.coinbase.com images.coinbase.com buy.coinbase.com events-service.coinbase.com www.coinbase.com support.coinbase.com cloud.coinbase.com jobs.coinbase.com taxforms.coinbase.com community.coinbase.com static.coinbase.com prime-brokerage.coinbase.com beta.coinbase.com ws.coinbase.com dev.coinbase.com pay.coinbase.com emails.coinbase.com\r\n\r\n[...]\r\n```\r\n\r\nExample 2 : \r\n\r\n```\r\n# ./vhostmap.py -t targets.txt -p large --apis -o out\r\n```\r\n- **--apis** : Use external API to find subdomains and virtual hosts (rapiddns)\r\n- **-p large** : Search for web services on a larger port list\r\n- **-o out** : Store results in \"out\" folder\r\n\r\nOutput folder contains multiple result files:\r\n\r\n* all-hostnames.txt : final hostname list, one by line\r\n* all-ips.txt : final list of all IP address associated with one or more hostnames, one by line\r\n* all-urls.txt : all valid web services found, one by line\r\n* hosts.txt : /etc/hosts format file associating IP addresses with vhosts\r\n* log.txt : tool output\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsweetsoftware%2Fvhostmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsweetsoftware%2Fvhostmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsweetsoftware%2Fvhostmap/lists"}