# VHOST Discovery Web servers can be used to host many websites using multiple different domain names. In this scenario, the server IP address would remain the same but the host you are connecting to would change. There are two typical ways to define a virtual host: 1\) Using the "Host:" HTTP request header. 2\) Via the HTTPS Server Name Indication (SNI) phase of TLS. ## Performing VHOST Discovery Firstly, it should be noted that this is not recommended for web servers using CloudFlare. To perform VHOST discovery, gobuster can be used with a good wordlist. * Using this command, gobuster will brute force the target server for other VHOSTs. `gobuster vhost --wordlist --url ` ## Wordlists To be succesful with this discovery, a good wordlist should be used. We recommend using the following page to find a wordlist. Specifically, subdomains discovery wordlists can be used here. * --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wiki.pentestlist.com/offensive-security/web-application/discovery/vhost-discovery.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.