Nairuz Abulhul – Nov 28, 2023 | Published in R3d Buck3T | 8 min read
When performing external penetration testing or bug bounty hunting, we explore the targeted system from various angles to collect as much information as possible to identify potential attack vectors. This involves identifying all the available assets, domains, and subdomains.
During this process, one of the things we focus on is enumerating virtual hosts. By doing so, we can discover hidden or undocumented assets that may be misconfigured or vulnerable. For instance, we may find a virtual host accessible without authentication, which may lead to unauthorized access to sensitive data.
In this article, we will discuss different ways to enumerate virtual hosts and gather information from them. We will use the HTB Academy exercise in the “Information Gathering — Web Edition” module to demonstrate the enumeration steps.