Subdomain/Vhost Fuzz

A single web server can host more than one domain. Each site is reached through a different sub-domain configured on the web server. For example, a website named particle.com can have any number of sub-domains (xyz.particle.com, abc.particle.com, and so on) hosted from the same web server.

To find the domains hosted on a web server, various tools can be used to fuzz the sub-domain and reveal the hosted virtual hosts.

FFUF

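FFUF is a popular tool for fuzzing web servers. Here it is used to fuzz the sub-domain of a web server: each wordlist entry replaces the FUZZ keyword in the Host header (-H), -fw 4 filters out responses that contain 4 words, and -t 100 runs 100 concurrent threads. The following command can be used to fuzz the web server: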

ffuf -w /usr/share/wordlists/secLists/Discovery/DNS/bitquark-subdomains-top100000.txt:FUZZ -u http://particle42.com -H 'Host: FUZZ.particle42.com'  -fw 4 -t 100
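On the server side, a run like the one above shows up as a single client requesting many hostnames the server does not serve. The following is an added example, not part of the original page: it flags such clients in an access log, assuming an nginx log format that records `$host`; the known-host inventory, the threshold and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed nginx log_format (not from the page):
#   '$remote_addr [$time_local] "$host" "$request" $status $body_bytes_sent'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[[^\]]+\] "(?P<host>[^"]*)" "[^"]*" \d{3} \d+$'
)

# Hypothetical inventory of vhosts this server is actually configured to serve.
KNOWN_HOSTS = {"particle42.com", "www.particle42.com", "dev.particle42.com"}


def build_sample_log():
    """Constructed log lines: one ordinary visitor and one client cycling Host values."""
    lines = [
        '198.51.100.7 [10/Mar/2024:10:00:01 +0000] "www.particle42.com" "GET / HTTP/1.1" 200 5120',
        '198.51.100.7 [10/Mar/2024:10:00:05 +0000] "wwww.particle42.com" "GET / HTTP/1.1" 200 612',
        'not a log line',
    ]
    words = ["admin", "dev", "test", "mail", "staging", "vpn", "api", "portal"]
    for i, word in enumerate(words):
        lines.append(
            f'203.0.113.9 [10/Mar/2024:10:01:{i:02d} +0000] '
            f'"{word}.particle42.com" "GET / HTTP/1.1" 200 612'
        )
    return lines


def find_host_fuzzers(lines, known_hosts, min_unknown=5):
    """Map client IP -> sorted unknown Host values, for clients that requested
    at least min_unknown distinct hostnames the server does not serve."""
    unknown = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # ignore lines that do not fit the assumed format
        host = m["host"].lower().rstrip(".")
        if host not in known_hosts:
            unknown[m["ip"]].add(host)
    return {ip: sorted(h) for ip, h in unknown.items() if len(h) >= min_unknown}


if __name__ == "__main__":
    for ip, hosts in find_host_fuzzers(build_sample_log(), KNOWN_HOSTS).items():
        print(f"{ip}: {len(hosts)} unknown Host values, e.g. {hosts[:3]}")
```

The threshold keeps a visitor with a single mistyped hostname from being flagged; in practice the count would be taken per time window rather than over a whole log file.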
