# VHOST probing ## What is Virtual Host? VHOST(Virtual Host) refers to the practice of running more than one website (such as `company1.example.com` and `company2.example.com`) on a single machine. There are mainly 2 types of Virtual hosts: 1. **IP-based Virtual Host:** In IP-based Virtual Host, we have different IP addresses for every website. 2. **Name-based Virtual Host:**✔️ In named-based Virtual Host, several websites are hosted on the same IP. Mostly this type is widely and preferred in order to preserve IP space. But when talking about VHOST we are generally talking about **Named-based Virtual hosts.** ### How does this actually work? Now, you would be confused about how will the webserver differentiate to which website it has to send my requests since many websites are being hosted on the same server with the same IP. It's through the "**Host header**". The web server identifies which content to serve up once it receives the Host header from the client. ![](/files/FQV3Nys1OLbMyI0L6gpH) ### How to identity VHOST on a single IP? For this purpose, we can use a tool called[ HostHunter](https://github.com/SpiderLabs/HostHunter). ### [HostHunter](https://github.com/SpiderLabs/HostHunter) * **Author**: [SpiderLabs](https://github.com/SpiderLabs) * **Language**: Python #### Installation: ``` git clone https://github.com/SpiderLabs/HostHunter.git pip3 install -r requirements.txt ``` #### Running: ``` python3 hosthunter.py ip_addresses.txt ``` ![A total of 336 websites are hosted on the same IP](/files/jGn2L2TvtvLSdowPSbTZ) ## VHOST bruteforcing > Sorry to say, I couldn't find appropriate content around the internet related to this topic. Me myself don't use this technique, but yes this is also an technique to discover VHOSTS ``` gobuster vhost -u https://example.com -t 50 -w subdomains.txt ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sidxparab.gitbook.io/subdomain-enumeration-guide/active-enumeration/vhost-probing.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.