Skip to content

dsecuredcom/vhost-fuzzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
input
input
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
Readme.md
Readme.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

vhost-fuzzer

A high-performance virtual host fuzzing tool designed to discover virtual hosts by testing different host headers against IP addresses. It supports concurrent scanning, custom paths, and flexible filtering options.

Features

  • Fast concurrent scanning with customizable worker count
  • Support for both HTTP and HTTPS protocols
  • Custom path testing
  • Response filtering by status code and body content
  • Efficient memory management with connection pooling
  • Progress bar with real-time scanning status
  • Verbose mode for detailed request/response inspection

Building

Prerequisites

  • Go 1.19 or higher

Installation

# Clone the repository
git clone https://github.com/dsecuredcom/vhost-fuzzer.git

# Change to the project directory
cd vhost-fuzzer

# Build the binary
go build

Usage

Basic usage requires two input files: one containing IP addresses and another containing hostnames to test:

./vhost-fuzzer -ips ips.txt -hosts hosts.txt

Input File Format

Both the IPs and hosts files should contain one entry per line:

ips.txt:

192.168.1.1
192.168.1.2

hosts.txt:

example.com
test.example.com

Flags

Flag Default Description
-ips File containing IP addresses (required)
-hosts File containing hostnames (required)
-concurrency 100 Number of concurrent workers
-paths "/" Comma-separated list of paths to check
-protocol "http" Protocol to use (http/https)
-http-body-includes Strings to search for in response body (CSV)
-http-status-is 0 Expected HTTP status code
-request-timeout 10 Timeout for individual requests in seconds
-max-conn-timeout 5 Maximum connection duration in seconds
-read-timeout 10 Read timeout in seconds
-headers Additional HTTP headers (Format: "X1:v1; X2:v2)
-verbose false Show all requests and responses

Examples

Basic Scan

./vhost-fuzzer -ips ips.txt -hosts hosts.txt

Advanced Usage

# Scan with HTTPS and custom paths
./vhost-fuzzer -ips ips.txt -hosts hosts.txt -protocol https -paths /,/admin,/api

# Scan with specific status code matching
./vhost-fuzzer -ips ips.txt -hosts hosts.txt -http-status-is 200

# High-concurrency scan with body content matching
./vhost-fuzzer -ips ips.txt -hosts hosts.txt -concurrency 200 -http-body-includes "Welcome"

# Verbose mode with custom timeouts
./vhost-fuzzer -ips ips.txt -hosts hosts.txt -verbose -request-timeout 10 -read-timeout 8

Output

The tool will display:

  1. Total number of targets to be scanned
  2. Progress bar showing scanning status
  3. Any matches found based on specified criteria
  4. Scan duration upon completion

In verbose mode (-verbose), it will also show detailed request and response information for each attempt.

Notes

  • The tool automatically adjusts GOMAXPROCS to match the concurrency level
  • All paths are automatically prefixed with "/" if not provided
  • HTTPS connections skip certificate verification
  • The progress bar updates every 10,000 requests or every second, whichever comes first
  • Memory usage is optimized through connection and request/response pooling

About

Tool to fuzz for interesting vhost.

www.dsecured.com/

Topics

pentesting bugbounty it-security

Resources

Readme
Activity
Custom properties

Stars

16 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages