VHosts-Sieve is a searching for virtual hosts among non-resolvable domains.
Installation
git clone https://github.com/dariusztytko/vhosts-sieve.git
pip3 install -r vhosts-sieve/requirements.txt
Usage
Get a list of subdomains (e.g. using Amass)
$ amass enum -v -passive -o domains.txt -d example.com -d example-related.com
Use vhosts-sieve.py to find virtual hosts
$ python3 vhosts-sieve.py -d domains.txt -o vhosts.txt
Logs dir: None
Max domains to resolve: -1
Max IPs to scan: -1
Max vhost candidates to check: -1
Ports to scan: [80, 443, 8000, 8008, 8080, 8443]
SNI enabled: False
Threads number: 16
Timeout HTTP: 5.0s
Timeout TCP: 3.0s
Verbose: False
User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Resolving 12 domains...
Scanning 1 IPs...
Finding vhosts (active IPs: 1, vhost candidates: 7)...
Saved results (4 vhosts)
Output file contains discovered virtual hosts in the following format
165.22.264.81 80 http False zxcv.example.com 301
165.22.264.81 443 https False zxcv.example.com 200 dev.example.com 200 admin.example.com 401
Each line contains the following information:
Logs
Responses of the discovered virtual hosts can be logged (-l, –logs-dir option).
How it works?
To discover virtual hosts, the following steps are performed:
Virtual Host Candidates Validation
Virtual host candidates validation is performed as follow:
Please notice that response status code is not taken into consideration. The main assumption is that everything other than reference response is worth to analyse in details. Even 4xx and 5xx responses.
SNI
For the HTTPS protocol, it may be useful to send virtual host candidate name via Host header and SNI (TLS extension). This may allow to go through poorly configured SNI proxy. Use –enable-sni option to enable SNI mode.
Optimization
For the large networks with thousands subdomains, it may take many hours to check all virtual host candidates. The following options can be used to speed up the process:
Additionally, it is recommended to use -v (verbosity) option to see the results continuously.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…