Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/jobertabma/virtual-host-discovery

A script to enumerate virtual hosts on a server.
https://github.com/jobertabma/virtual-host-discovery

Last synced: 7 months ago
JSON representation

A script to enumerate virtual hosts on a server.

Awesome Lists containing this project

README 

          
# Virtual host scanner

This is a basic HTTP scanner that'll enumerate virtual hosts on a given IP address. During recon, this might help expand the target by detecting old or deprecated code. It may also reveal hidden hosts that are statically mapped in the developer's `/etc/hosts` file.



## Usage

The tool comes with a few basic options. They are listed below and help narrow down virtual hosts.



```

ruby scan.rb --ip=192.168.1.101 --host=domain.tld

```



Here's a list of all available options:



 - **--ignore-http-codes**: a comma-separated list of HTTP status codes to be ignored in the scan results. This may become useful when the scan results are poluted with false-positives that are identified by their HTTP response code.

 - **--ignore-content-length**: a content length filter which should be ignored in the scan results. This may become useful when a server returns a static page on every virtual host guess.

 - **--port**: when the web server isn't running on port 80.

 - **--wordlist**: specify an alternative location for the wordlist.

 - **--ssl**: `on` or `off` depending on whether you want to connect with SSL.

 - **--output**: optionally specify an alternative file to write the output to. Defaults to `output.txt` in the current directory.



## Wordlist

There's a default, small, wordlist in this repository. To use your own wordlist, use the **--wordlist** option. **%s** will be replaced with the given **--host** header in every line of the wordlist file.