VHostScan Logo

VHostScan

0
Free
Visit Website

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Key Benefits: - Quickly highlight unique content in catch-all scenarios - Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time) - Identify aliases by tweaking the unique depth of matches - Wordlist supports standard words and a variable to input a base hostname (for e.g. dev.%s from the wordlist would be run as dev.BASE_HOST) - Works over HTTP and HTTPS - Ability to set the real port of the webserver to use in headers when pivoting through ssh/nc - Add simple response headers to bypass some WAF products - Identify new targets by using reverse lookups and append to wordlist Product Comparisons: - Install on docker (recommended) - git clone https://github.com/codingo/VHostScan.git - cd VHostScan - docker build -t vhostscan . - Then run application `docker run --rm -it vhostscan -t` - Install Requirements: - Install using: $ python3 setup.py install - Dependencies will then be installed and VHostScan will be added to your path. - If there is an issue regarding running py

FEATURES

ALTERNATIVES

A wargame composed of 27 levels, with files needed in /vortex/ directory.

A Pythonic interface to the Internet Storm Center / DShield API

Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.

Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.

All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.

A series of small test cases designed to exercise different parts of a static security analyzer

A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages

A tool for detecting and preventing secrets in code

PINNED