> For the complete documentation index, see [llms.txt](https://wiki.pentestlist.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://wiki.pentestlist.com/offensive-security/web-application/discovery/vhost-discovery.md). # VHOST Discovery Web servers can be used to host many websites using multiple different domain names. In this scenario, the server IP address would remain the same but the host you are connecting to would change. There are two typical ways to define a virtual host: 1\) Using the "Host:" HTTP request header. 2\) Via the HTTPS Server Name Indication (SNI) phase of TLS. ## Performing VHOST Discovery Firstly, it should be noted that this is not recommended for web servers using CloudFlare. To perform VHOST discovery, gobuster can be used with a good wordlist. * Using this command, gobuster will brute force the target server for other VHOSTs. `gobuster vhost --wordlist --url ` ## Wordlists To be succesful with this discovery, a good wordlist should be used. We recommend using the following page to find a wordlist. Specifically, subdomains discovery wordlists can be used here. * --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://wiki.pentestlist.com/offensive-security/web-application/discovery/vhost-discovery.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.