Virtual Host Scanner

Search for Virtual Hosts Configured for Any IP Address

Contents of the Report

Here is what you can expect in Scantrics’ Virtual Host Scanner report:

Use Cases for Virtual Host Scanner

By using Virtual Host Scanner, organizations can review the security posture of websites that share the same IP address. They can find out how those websites are connected to each other and gain insight into what would happen if an attacker successfully compromised one virtual host.
Virtual Host Scanner is a tool that allows organizations to find, in real time, any websites that share the same IP address. Websites hosted on virtual hosts most likely have less security than the main website. The tool helps organizations determine which virtual hosts need to be secured once the scan has been conducted.
Organizations sometimes overlook or forget to maintain websites they own. A scan with Virtual Host Scanner provides a comprehensive list of all these assets on the Internet, so any necessary action can be taken before an attacker finds and attempts to breach an unprotected website.

Technical Details

Virtual hosting is a method of running multiple websites on a single host that shares the same IP address. With this method, a single web server can host multiple independent websites, with each virtual ‘host’ sharing the same resources that the main website uses.

Organizations often use virtual hosting to serve multiple websites because it reduces cost and makes the websites easier to manage within a single host. Most modern web servers, such as Apache or Nginx, support virtual hosting as a configuration option.

Despite the convenience, running multiple websites on a single host carries security risks and might lead to a security breach, because resources such as memory and processor cycles are shared within a single web server when it runs multiple sites.

Each website on a virtual host can have different vulnerabilities that attackers can exploit as an entry point into the web server. Therefore, if one website is compromised, the attacker has a higher chance of taking over the rest of the hosted websites.

How it works

Users of Virtual Host Scanner only need to enter either the IP address or the hostname as the target parameter. The tool should find a virtual host if it resides on the same IP address as the apex/root domain.

The tool will then perform the scan by using multiple discovery techniques such as:

Querying on public search engines

The query is usually a Google Dork query, such as “site:example.com”, which returns a list of subdomains indexed by the Google search engine.

DNS resolutions

By translating the IP address into a hostname. This usually requires contacting the DNS server and requesting the PTR record for a specific IP address, which returns the answer in hostname form.

Analysing web redirects

Some websites have links that redirect the user to another subdomain when clicked. Hence, the Virtual Host Scanner also crawls websites and checks for any web redirects contained in the HTML page through certain HTML attributes, such as href.

Searching in SSL certificates

By finding the subdomains associated with the SSL certificate. Any subdomain that uses the same SSL certificate (wildcard) can be found by scanning through the information in the certificate. Most of the time, the web developer or network administrator applies the same SSL certificate to the domain and its associated subdomains for manageability.
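
As an added example (not Scantrics' code and not part of the original page), the Python sketch below shows how the last two techniques can feed an inventory of an organization's own assets: it collects hostnames from href attributes and from a certificate's subjectAltName list, then keeps only names under the apex domain. The HTML, the certificate dict (in the shape Python's ssl getpeercert() returns) and the example.com apex are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

APEX = "example.com"  # assumption: the organization's own apex domain

# Constructed sample page, as a crawler might fetch from the main site.
SAMPLE_HTML = """
<a href="https://shop.example.com/cart">Shop</a>
<a href="//Blog.Example.com/post/1">Blog</a>
<a href="/about">About</a>
<a href="https://cdn.thirdparty.test/lib.js">CDN</a>
<link href="https://static.example.com./site.css" rel="stylesheet">
"""
# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {"subjectAltName": (
    ("DNS", "example.com"), ("DNS", "*.example.com"),
    ("DNS", "legacy.example.com"), ("IP Address", "192.0.2.10"))}

class HrefCollector(HTMLParser):
    """Collects the host part of every absolute href on a page."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                host = urlsplit(value).hostname  # None for relative links
                if host:
                    self.hosts.add(host)

def normalize(host):
    return host.rstrip(".").lower()  # drop root dot, compare case-insensitively

def in_scope(host, apex=APEX):
    # Match on a label boundary so "notexample.com" is not treated as ours.
    return host == apex or host.endswith("." + apex)

def hosts_from_html(html):
    parser = HrefCollector()
    parser.feed(html)
    return {normalize(h) for h in parser.hosts}

def hosts_from_cert(cert):
    return {normalize(v) for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}

def inventory(html, cert, apex=APEX):
    """Return (concrete hostnames, wildcard entries) that fall under the apex."""
    found = {h for h in hosts_from_html(html) | hosts_from_cert(cert) if in_scope(h, apex)}
    wildcards = sorted(h for h in found if h.startswith("*."))
    return sorted(found - set(wildcards)), wildcards

if __name__ == "__main__":
    print(inventory(SAMPLE_HTML, SAMPLE_CERT))
```

A wildcard entry is reported separately because it names no single host; it only tells the reviewer that further subdomains may be served under the same certificate.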
