Need a Managed Penetration Test?
Try our Services
Sample Report
Here is a Find Virtual Hosts sample report:
- Includes discovered virtual hosts and their IP addresses
- The results are obtained in real-time
- You can quickly start in-depth scans using Scan with button
Find Virtual Hosts - Use Cases
Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.
Increase the Attack Surface
Discover additional websites which are hosted on the same IP address. They may be less secure than the main website and may help you to gain easier access to the target.
Asset Inventory
This tool helps you to perform an independent asset inventory and to check if there are any forgotten, unmaintained and unnecessary websites hosted on your servers.
Real-Time Discovery
The results of Find Virtual Hosts are obtained in real-time and no caching mechanism is used. This ensures that you always have up-to date results.
Technical Details
About
A single web server can be configured to run multiple websites at once, under different domain names. These are called virtual hosts (or vhosts) and they are usually found in shared hosting environments.
Example:
As a penetration tester, finding all the vhosts that run on a web server (based on its IP address) is important because each website may contain vulnerabilities that affect the same server. Furthermore, if one website is compromised, there is a high chance that the attacker gains unauthorized access to the other websites also that are running on the same server. Hence, testing all the vhosts is necessary for a complete coverage of the penetration test.
Example:
www.company1.com -> 109.11.231.5
test.company2.com -> 109.11.231.5
sales.company3.com -> 109.11.231.5
As a penetration tester, finding all the vhosts that run on a web server (based on its IP address) is important because each website may contain vulnerabilities that affect the same server. Furthermore, if one website is compromised, there is a high chance that the attacker gains unauthorized access to the other websites also that are running on the same server. Hence, testing all the vhosts is necessary for a complete coverage of the penetration test.
Parameters
| Parameter | Description |
|---|---|
| IP address or Hostname | This identifies the server on which you search for virtual hosts. If a hostname is given, DNS resolution will be attempted first in order to find its IP address. |
How it works
There are multiple discovery techniques that are implemented by this tool, such as:
- Searching in public search engines
- DNS resolutions
- Analyzing web redirects
- Searching in SSL certificates
