Vhosts vs Subdomains
At the core of virtual hosting is the ability of web servers to distinguish between multiple websites or applications sharing the same IP address. This is achieved by leveraging the HTTP Host header, a piece of information included in every HTTP request sent by a web browser.
Info
Subdomains: are extensions of a main domain (e.g., blog.example.com for example.com). They have their own DNS records and can point to the same or different IP addresses.
Virtual Hosts (Vhosts): are web server configurations that allow multiple websites or applications to run on a single server. They can be linked to main domains (e.g., example.com) or subdomains (e.g., dev.example.com).
Gobuster
Gobuster is a directory/file, DNS and vhost busting tool written in Go.
gobuster vhost -u http://example.com -w /wordlists/subdomains.txt
Ffuf
Ffuf is a fast web fuzzer written in Go.
ffuf -u http://example.com -H "Host: FUZZ.example.com" -w /wordlists/subdomains.txt
Curl
# Sending a curl request with a custom Host header
curl -s http://example.com -H "Host: vhost.example.com"
# Fuzzing using curl: print the Content-Length returned for each candidate vhost
while read -r vhost; do
  printf '\n********\nFUZZING: %s\n********\n' "$vhost"
  curl -s -I http://example.com -H "Host: ${vhost}.example.com" | grep -i "Content-Length: "
done < vhosts.txt
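The fuzzing commands above change only the Host header while every request goes to the same IP, so on the server side they show up as one client asking for many names that are not configured. The following is an added example (not part of the original page) that flags such clients from an access log; the log format, the KNOWN_VHOSTS set, the threshold and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: the virtual hosts actually configured on this server.
KNOWN_VHOSTS = {"example.com", "www.example.com", "blog.example.com"}

# Constructed sample log, one request per line:
#   client_ip  host_header  "request line"  status  bytes
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 {w}.example.com "HEAD / HTTP/1.1" 200 612'
     for w in ("admin", "dev", "staging", "test", "mail", "vpn")]
    + ['198.51.100.20 www.example.com "GET / HTTP/1.1" 200 5120',
       '198.51.100.20 blog.example.com:80 "GET /post HTTP/1.1" 200 8841',
       '198.51.100.33 Example.COM "GET / HTTP/1.1" 200 5120',
       '198.51.100.33 typo.example.com "GET / HTTP/1.1" 200 612']
)


def parse_line(line):
    """Return (client_ip, normalised_host), or None for malformed lines."""
    parts = line.split()
    if len(parts) < 2:
        return None
    ip, host = parts[0], parts[1].lower()
    # Drop an explicit port ("blog.example.com:80"); leave bracketed IPv6 alone.
    if ":" in host and not host.startswith("["):
        host = host.rsplit(":", 1)[0]
    return ip, host.rstrip(".")


def suspected_vhost_fuzzers(log_text, known=KNOWN_VHOSTS, threshold=5):
    """Map client IP -> sorted list of unknown Host values, for clients that
    sent at least `threshold` distinct Host headers not configured here."""
    unknown = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] not in known:
            unknown[parsed[0]].add(parsed[1])
    return {ip: sorted(h) for ip, h in unknown.items() if len(h) >= threshold}


if __name__ == "__main__":
    for ip, hosts in suspected_vhost_fuzzers(SAMPLE_LOG).items():
        print(f"{ip}: {len(hosts)} unknown Host values, e.g. {hosts[:3]}")
```

A single mistyped name stays below the threshold, while a wordlist run stands out. Serving one fixed response from a catch-all default vhost for every unknown Host also leaves nothing for a Content-Length comparison to distinguish.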