Virtual Hosts
vHost is a feature that allows several websites to be hosted on a single server.
Automating Virtual Hosts Discovery
MATCHER OPTIONS:
-mc Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403,405)
-ml Match amount of lines in response
-mr Match regexp
-ms Match HTTP response size
-mw Match amount of words in response
FILTER OPTIONS:
-fc Filter HTTP status codes from response. Comma separated list of codes and ranges
-fl Filter by amount of lines in response. Comma separated list of line counts and ranges
-fr Filter regexp
-fs Filter HTTP response size. Comma separated list of sizes and ranges
-fw Filter by amount of words in response. Comma separated list of word counts and ranges
neutron@kali[/kali]$ ffuf -w ./vhosts -u http://192.168.10.10 -H "HOST: FUZZ.randomtarget.com" -fs 612
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v1.1.0-git
________________________________________________
:: Method : GET
:: URL : http://192.168.10.10
:: Wordlist : FUZZ: ./vhosts
:: Header : Host: FUZZ.randomtarget.com
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405
:: Filter : Response size: 612
________________________________________________
dev-admin [Status: 200, Size: 120, Words: 7, Lines: 12]
www [Status: 200, Size: 185, Words: 41, Lines: 9]
some [Status: 200, Size: 195, Words: 41, Lines: 9]
:: Progress: [12/12] :: Job [1/1] :: 0 req/sec :: Duration: [0:00:00] :: Errors: 0 ::
- -w: Path to our wordlist
- -u: URL we want to fuzz
- -H "HOST: FUZZ.randomtarget.com": This is the HOST header, and the word FUZZ will be used as the fuzzing point.
- -fs 612: Filter out responses with a size of 612, which is the default response size in this case.
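Seen from the server side, the run above leaves a recognisable trace: one client sends many distinct Host values, and most of them are answered with the default response (size 612). The Python below is an added example, not part of the original notes, that flags such clients in an access log. The log format, the client addresses, the thresholds and the extra wordlist entries are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (not from the page): client_ip "Host header" "request" status size
LINE = re.compile(r'^(\S+) "([^"]*)" "[^"]*" (\d{3}) (\d+)$')

def detect_vhost_fuzzing(lines, default_size, min_hosts=5, min_default_ratio=0.5):
    """Return {client_ip: sorted Host values} for clients that look like vhost fuzzers.

    A client is flagged when it used at least `min_hosts` distinct Host values
    and at least `min_default_ratio` of them were answered with the default
    vhost response (response size == default_size), i.e. no such vhost exists.
    """
    seen = defaultdict(dict)  # client_ip -> {host: ever answered by default vhost}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, host, _status, size = m.groups()
        host = host.lower()
        seen[ip][host] = seen[ip].get(host, False) or int(size) == default_size
    flagged = {}
    for ip, hosts in seen.items():
        misses = sum(hosts.values())  # Host values that hit the default vhost
        if len(hosts) >= min_hosts and misses / len(hosts) >= min_default_ratio:
            flagged[ip] = sorted(hosts)
    return flagged

# Constructed sample data. Only dev-admin, www, some and their sizes come from
# the ffuf output above; the other names and both client IPs are made up.
REAL_SIZES = {"dev-admin": 120, "www": 185, "some": 195}
WORDLIST = ["dev-admin", "www", "some", "admin", "test", "mail",
            "vpn", "api", "stage", "beta", "old", "portal"]
SAMPLE_LOG = [
    f'192.168.10.50 "{w}.randomtarget.com" "GET / HTTP/1.1" 200 {REAL_SIZES.get(w, 612)}'
    for w in WORDLIST
] + [
    '192.168.10.77 "www.randomtarget.com" "GET / HTTP/1.1" 200 185',
    '192.168.10.77 "www.randomtarget.com" "GET / HTTP/1.1" 200 185',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, hosts in detect_vhost_fuzzing(SAMPLE_LOG, default_size=612).items():
        print(f"{ip}: {len(hosts)} distinct Host values, mostly default responses")
```

A client that only requests vhosts that really exist is not flagged, because none of its Host values fall through to the default response.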