A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
HTTPS is broken because python-requests is handed the target, not the entry from the wordlist. This is fine for non-TLS sites, but breaks SNI.
The downside to handing the wordlist entry over is that python-requests will use the system resolver and go to where that points instead of the specified target.
HTTPS is broken because python-requests is handed the target, not the entry from the wordlist. This is fine for non-TLS sites, but breaks SNI.
The downside to handing the wordlist entry over is that python-requests will use the system resolver and go to where that points instead of the specified target.
Using -b (BASE_HOST) is also broken for HTTPS.
I believe it can be made to work with monkey patching as per here: https://stackoverflow.com/questions/22609385/python-requests-library-define-specific-dns