Virtual Host Scanner
Search for Virtual Hosts Configured for Any IP Address
Full Scan
Full Scan might take 1 – 2 hours to complete. Please insert ONLY corporate emails to continue the full scan features and receive the report. (Free email providers such as Gmail, Yahoo would not be accepted)
Are you sure want to stop scanning?
You will not get any report once the scan is stopped.
Search for Virtual Hosts Configured for Any IP Address
Contents of the Report
- Discovered virtual hosts and their IP addresses
- Results are acquired in real-time

Use Cases for Virtual Host Scanner
Technical Details
Virtual hosting is a method of running multiple websites on a single host which is sharing the same IP address. By using this method, a single web server is capable of hosting multiple independent websites, allowing one ‘host’ to share the same resources as the main website utilize.
Organizations often utilize virtual hosting to serve multiple websites, as they will be able to reduce the cost and it is easier to manage the websites within a single host. Most modern web server services, like Apache or Nginx, support virtual hosting as a configuration option.
Despite the convenience, running multiple websites within a single host has security risk issues and might lead to a security breach. The reason being that resources, such as memory and processor cycles, are shared within a single web server when it runs multiple sites.
Each website in virtual hosts can have different vulnerabilities for attackers to exploit as the entry point into the web server. Therefore, if one website is compromised, then the attacker will have a higher chance to take over the rest of the websites hosted.
How it works?
Users of Virtual Host Scanner only need to insert either the IP address or Hostname as the target parameter. This tool should find the virtual host if it resides on the same IP address as the apex/root domain.
The tool will then perform the scan by using multiple discovery techniques such as:
Querying on public search engines
The query itself is usually a Google Dork query, such as “site:example.com” that will return a list of subdomains indexed on Google Search Engine.
DNS resolutions
By translating the IP address into the hostname. This task usually will need to contact the DNS server and request the PTR record of a specific IP that can give responses in hostname form as responses.
Analysing web redirects
Some of websites might have a link that will redirect the user to another subdomain when clicked by the user. Hence, the Virtual Host Scanner also crawls websites and check for any web redirects contained in the HTML page through certain HTML tags, such as href.
Searching in SSL certificates
By finding the subdomains associated with the SSL certificate. Any subdomain that uses the same SSL certificate (wildcard) can be found by scanning through the information in the SSL certificate. Most of the time, the web developer/network administrator will apply the same SSL certificate for the domain and subdomains associated for the purpose of manageability.