reddit hackernews mail facebook facebook linkedin


Searching for virtual hosts among non-resolvable domains.

Virtual host candidates validation is performed as follow:
1/ Request with the random (invalid) virtual host (Host header) is sent
2/ Response is saved as a reference
3/ Responses for virtual host candidates are compared to the reference response
4/ To increase chance of success, the following extra headers are sent
5/ Additionally, if too many valid virtual hosts are discovered, validation is stopped and the result is marked as "Stopped"

- IP address
- Port number
- Detected protocol (HTTP or HTTPS)
- "Stopped" flag
- List of discovered virtual hosts (with the response status code)
- Logs