VHostScan Versions Save

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

1.21

6 years ago

Features

  • Addition of setup.py script in #83

Bug Fixes

  • Fix for SNI issues when scanning over SSL #81
  • Suppress insecure warnings within requests when scanning over SSL in #85

1.8

6 years ago

Features

  • Added prefix and suffix options for wordlist, closed in #80
  • '-' Flag no longer needed for piping in wordlist information, now native, closed in #74
  • Added verbose output option for developers in #80
  • Added output grepable support in #71 (requested in #6)
  • Added feedback to the user when json output fails in #70

1.6.3

6 years ago

Bug Fixes

  • Resolved application halting with missing PTR records in #68 with #69

1.6.2

6 years ago

Refactor

  • Overhaul of code base to adopt strict PEP8 standards (see #65)
  • Added json import to avoid type error in output (see #66)
  • Moved argument logic into its own class (see #64)

Features

  • Added first-hit flag for CTF events (see #63)

1.5.4

6 years ago

Bug Fixes

  • Fixed scans not working for SSL in #62 (originally referred to in #49)

Improvements

  • Updated oJ (output json) to better format json outputs in #60

1.5.2

6 years ago

Bug Fixes / Improvements

  • Fixed output JSON not outputting command line flags used with scan with #53.
  • Fixed output normal and output json throwing an exception if the base directory used didn't exist with #53.

1.5.1

6 years ago

Additions

  • Output json support added with #50
  • Added command line flag for random-user agent to be used with #48
  • Added command line flag to allow the user to specify a user agent with #48

Bug Fixes

  • Fixed revision to rate-limit from #40. Unsure if introduced with #50 or a bug from a prior build.

1.3

6 years ago

Additions

  • Updated for support for multiple wordlists (Closes #1)
  • Added reverse lookups to identify new terms for inclusion in scan (Closes #43)

1.1

6 years ago

Refactoring for a more efficient code base and addition of rate limiting (--rate-limit) between scans.

1.0

6 years ago

First production release of VHostScan

Core features

  • Quickly highlight unique content in catch-all scenarios
  • Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time)
  • Identify aliases by tweaking the unique depth of matches
  • Wordlist supports standard words and a variable to input a base hostname (for e.g. dev.%s from the wordlist would be run as dev.BASE_HOST)
  • Work over HTTP and HTTPS
  • Ability to set the real port of the webserver to use in headers when pivoting through ssh/nc
  • Add simple response headers to bypass some WAF products