Virtual Hosts
Introduction
Virtual hosts are configurations within a web server that allow multiple websites or applications to be hosted on a single server.
The key difference between VHosts and sub-domains is that a VHost is basically a sub-domain served from the same server and the same IP address, so a single IP can serve two or more different websites.
Virtual Hosts Types
Name-Based Virtual Hosts
Multiple domain names are hosted on a single IP address, using the Host header to determine which site to serve.
Example:
Multiple domains like example1.com and example2.com can share the same IP address (e.g., 192.0.2.1).
IP-Based Virtual Hosts
Each website hosted on the server is assigned a unique IP address.
The server determines which website to serve based on the IP address to which the request was sent.
Example:
example1.com might be assigned 192.0.2.2, and example2.com might use 192.0.2.3.
Port-Based Virtual Hosts
Different websites are hosted on the same IP address but on different ports, allowing differentiation based on the port number.
Example:
example1.com might run on port 8080, while example2.com runs on port 8081, both sharing the IP 192.0.2.1.
VHosts Fuzzing
With gobuster
Command:
gobuster vhost -u http://<target_IP_address> -w <wordlist_file> --append-domain
Flags:
-u: specifies the target URL
-w: specifies the wordlist file
--append-domain: appends the base domain to each word in the wordlist
Other flags:
-k: ignores SSL/TLS certificate errors
-t: increases the number of threads for faster scanning
-o: saves the output to a file for later analysis
With ffuf
Command:
ffuf -w /path/to/subdomains-list:FUZZ -u http://mydomain.com/ -H 'Host: FUZZ.mydomain.com'
Flags:
-H: specifies the header
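Detecting VHost fuzzing
From the defender's side, the Host-header fuzzing above shows up in access logs as one client sending many Host values that are not configured on the server. The following is an added example, not part of the original notes; the log format (client IP, Host header, status, size), the sample lines, and the names find_vhost_fuzzing and normalize_host are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed log format: "<client_ip> <host_header> <status> <bytes>", for example
# nginx with log_format '$remote_addr $http_host $status $body_bytes_sent'.
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<host>\S+) (?P<status>\d{3}) (?P<size>\d+)$')

def normalize_host(value):
    """Lower-case the Host value and drop an optional :port suffix."""
    host = value.strip().lower()
    if host.startswith('['):                 # IPv6 literal such as [::1]:8080
        return host.split(']')[0] + ']'
    return host.rsplit(':', 1)[0] if ':' in host else host

def find_vhost_fuzzing(lines, known_hosts, threshold=5):
    """Return {client_ip: sorted unknown Host values} for every client that
    sent at least `threshold` distinct Host values not configured on the server."""
    known = {h.lower() for h in known_hosts}
    unknown_by_client = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                         # skip malformed lines
        host = normalize_host(m['host'])
        if host not in known:
            unknown_by_client[m['ip']].add(host)
    return {ip: sorted(hosts) for ip, hosts in unknown_by_client.items()
            if len(hosts) >= threshold}

# Constructed sample data: one ordinary client with a single mistyped host,
# and one client cycling through wordlist-style Host values.
SAMPLE_LOG = [
    "203.0.113.20 example1.com 200 5120",
    "203.0.113.20 example2.com:80 200 7344",
    "203.0.113.20 exmaple1.com 200 612",
] + [f"198.51.100.7 {w}.example1.com 200 612"
     for w in ("admin", "dev", "test", "staging", "mail", "api")]

if __name__ == "__main__":
    for ip, hosts in find_vhost_fuzzing(SAMPLE_LOG, {"example1.com", "example2.com"}).items():
        print(f"{ip}: {len(hosts)} unknown Host values: {', '.join(hosts)}")
```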