vhost-enumeration
CommunityUncover hidden virtual hosts on shared IPs
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Standard subdomain enumeration often misses internal-only, development, or admin virtual hosts that share an IP address with public services, as these hosts only respond to specific Host headers or are only listed in SSL certificate SAN fields, leaving them invisible to standard DNS-based reconnaissance techniques.
Core Features & Use Cases
- Host Header Fuzzing: Brute-force valid virtual hostnames using ffuf with custom Host headers to identify hosts that return unique responses.
- SSL Certificate SAN Extraction: Parse TLS certificates to extract all domain names associated with an IP address, revealing hidden services exposed via HTTPS.
- PTR Reverse DNS Lookup: Resolve PTR records for IP ranges to discover hostnames associated with target network ranges.
- Use Case: When assessing a company's public infrastructure, this skill can uncover unlisted staging environments or internal admin panels that are not present in public DNS records, expanding your reconnaissance coverage.
Quick Start
Use the vhost-enumeration skill to fuzz the Host header for target IP 203.0.113.10 with your DNS wordlist and extract all associated hostnames from its SSL certificate SAN field.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: vhost-enumeration Download link: https://github.com/uphiago/recon-skills/archive/main.zip#vhost-enumeration Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.