Skip to content

Rewrite vhost module as virtualhost with native blasthttp#2993

Open
liquidsec wants to merge 9 commits intoblasthttp-integration-cleanfrom
add-virtualhost-module
Open

Rewrite vhost module as virtualhost with native blasthttp#2993
liquidsec wants to merge 9 commits intoblasthttp-integration-cleanfrom
add-virtualhost-module

Conversation

@liquidsec
Copy link
Copy Markdown
Contributor

@liquidsec liquidsec commented Mar 27, 2026
edited
Loading

Summary

Complete rewrite of the vhost module (now renamed to virtualhost). The old module was a thin wrapper around the ffuf Go binary for Host header fuzzing. The new module is a native Python implementation using blasthttp for all HTTP requests, with significantly expanded detection capabilities.

Requires #2992 (blasthttp integration). Supersedes #2672.

What changed from the old vhost module

Architecture:

  • No longer inherits from ffuf or shells out to any external binary
  • All HTTP requests go through self.helpers.request() with resolve_ip for DNS pinning
  • Uses blasthttp cert_info for certificate SAN extraction
  • Response comparison via simhash instead of ffuf size/word/line filters

New detection capabilities:

  • Wildcard detection via single-character hostname mutation
  • Canary consistency re-verification before emitting results
  • Keyword-based wildcard filtering
  • Certificate SAN extraction via blasthttp cert_info
  • Interesting default content reporting
  • HTTPS virtual host support via SNI control with resolve_ip
  • Configurable simhash similarity threshold (default 0.8)

Event changes:

  • Produces VIRTUAL_HOST (was VHOST), DNS_NAME_UNVERIFIED, and HTTP_RESPONSE
  • Detailed descriptions with status code, title, size, IP, accessibility

Renamed: vhost -> virtualhost, VHOST -> VIRTUAL_HOST, deadly flag removed

@liquidsec liquidsec changed the title Add virtualhost module for virtual host discovery Rewrite vhost module as virtualhost with native blasthttp Mar 27, 2026
@liquidsec liquidsec mentioned this pull request Mar 27, 2026
Closed
@liquidsec
Add virtualhost module for virtual host discovery
fecac39 
Brute-forces virtual hosts via HTTP Host headers and HTTPS SNI,
with wildcard detection, canary consistency checks, keyword-based
filtering, certificate SAN extraction, and mutation generation.
Uses blasthttp resolve_ip for DNS pinning.
@liquidsec liquidsec force-pushed the add-virtualhost-module branch from 07dfd28 to fecac39 Compare March 27, 2026 18:49
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 27, 2026
edited
Loading

📊 Performance Benchmark Report

Comparing blasthttp-integration-clean (baseline) vs add-virtualhost-module (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name 📏 Base 📏 Current 📈 Change 🎯 Status
Bloom Filter Dns Mutation Tracking Performance 4.16ms 4.23ms +1.7%
Bloom Filter Large Scale Dns Brute Force 17.32ms 17.36ms +0.3%
Large Closest Match Lookup 351.98ms 373.39ms +6.1%
Realistic Closest Match Workload 189.14ms 198.65ms +5.0%
Event Memory Medium Scan 1778 B/event 1780 B/event +0.1%
Event Memory Large Scan 1765 B/event 1768 B/event +0.2%
Event Validation Full Scan Startup Small Batch 409.42ms 417.28ms +1.9%
Event Validation Full Scan Startup Large Batch 578.61ms 587.65ms +1.6%
Make Event Autodetection Small 30.86ms 30.95ms +0.3%
Make Event Autodetection Large 313.80ms 315.62ms +0.6%
Make Event Explicit Types 13.92ms 13.81ms -0.8%
Excavate Single Thread Small 3.933s 3.966s +0.8%
Excavate Single Thread Large 9.471s 9.494s +0.2%
Excavate Parallel Tasks Small 4.162s 4.166s +0.1%
Excavate Parallel Tasks Large 6.571s 6.570s -0.0%
Is Ip Performance 3.18ms 3.20ms +0.6%
Make Ip Type Performance 11.51ms 11.57ms +0.5%
Mixed Ip Operations 4.52ms 4.58ms +1.3%
Memory Use Web Crawl 165.0 MB 153.8 MB -6.8%
Memory Use Subdomain Enum 19.4 MB 19.4 MB +0.2%
Scan Throughput 100 4.596s 4.785s +4.1%
Scan Throughput 1000 36.265s 37.323s +2.9%
Typical Queue Shuffle 63.51µs 64.04µs +0.8%
Priority Queue Shuffle 735.14µs 723.75µs -1.5%

🎯 Performance Summary

No significant performance changes detected (all changes <10%)

🐍 Python Version 3.11.15

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 27, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 83.91608% with 138 lines in your changes missing coverage. Please review.
✅ Project coverage is 91%. Comparing base (e7e61a9) to head (ae7ccf2).

Files with missing lines Patch % Lines
bbot/modules/virtualhost.py 71% 126 Missing ⚠️
...est_step_2/module_tests/test_module_virtualhost.py 98% 12 Missing ⚠️
Additional details and impacted files 
@@                     Coverage Diff                      @@
##           blasthttp-integration-clean   #2993    +/-   ##
============================================================
- Coverage                           91%     91%    -0%     
============================================================
  Files                              443     445     +2     
  Lines                            37927   38785   +858     
============================================================
+ Hits                             34316   35036   +720     
- Misses                            3611    3749   +138

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@liquidsec