VHostScan
A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Key Benefits: - Quickly highlight unique content in catch-all scenarios - Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time) - Identify aliases by tweaking the unique depth of matches - Wordlist supports standard words and a variable to input a base hostname (for e.g. dev.%s from the wordlist would be run as dev.BASE_HOST) - Works over HTTP and HTTPS - Ability to set the real port of the webserver to use in headers when pivoting through ssh/nc - Add simple response headers to bypass some WAF products - Identify new targets by using reverse lookups and append to wordlist Product Comparisons: - Install on docker (recommended) - git clone https://github.com/codingo/VHostScan.git - cd VHostScan - docker build -t vhostscan . - Then run application `docker run --rm -it vhostscan -t` - Install Requirements: - Install using: $ python3 setup.py install - Dependencies will then be installed and VHostScan will be added to your path. - If there is an issue regarding running py
FEATURES
SIMILAR TOOLS
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
Simple script to check a domain's email protections and identify vulnerabilities.
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.