Hacking Tools

VHostScan – Virtual Host Scanner With Alias & Catch-All Detection

h, help Display help message and exit

t TARGET_HOSTS Set the target host.

b BASE_HOST Set host to be used during substitution in wordlist (default to TARGET).

w WORDLISTS Set the wordlist(s) to use. You may specify multiple wordlists in comma delimited format (e.g. w “./wordlists/simple.txt, ./wordlists/hackthebox.txt” (default ./wordlists/virtualhostscanning.txt).

p PORT Set the port to use (default 80).

r REAL_PORT The real port of the web server to use in headers when not 80 (see RFC2616 14.23), useful when pivoting through ssh/nc etc (default to PORT).

ignorehttpcodes IGNORE_HTTP_CODES Commaseparated list of HTTP codes to ignore with virtual host scans (default 404).

ignorecontentlength IGNORE_CONTENT_LENGTH Ignore content lengths of specified amount.

uniquedepth UNIQUE_DEPTH Show likely matches of page content that is found x times (default 1).

ssl If set then connections will be made over HTTPS instead of HTTP.

fuzzylogic If set then all unique content replies are compared and a similarity ratio is given for each pair. This helps to isolate vhosts in situations where a default page isn‘t static (such as having the time on it).

–no-lookups Disbale reverse lookups (identifies new targets and append to wordlist, on by default).

–rate-limit Amount of time in seconds to delay between each scan (default 0).

–random-agent If set, each scan will use a random user-agent from a predefined list.

–user-agent Specify a user agent to use for scans.

–waf If set then simple WAF bypass headers will be sent.

-oN OUTPUT_NORMAL Normal output printed to a file when the -oN option is specified with a filename argument.

-oJ OUTPUT_JSON JSON output printed to a file when the -oJ option is specified with a filename argument.

– By passing a blank ‘you tell VHostScan to expect input from stdin (pipe).

Source : DarkNet

Previous ArticleNext Article
Send this to a friend