Skip to content

Rewrite vhost module as virtualhost with native blasthttp#2993

Open
liquidsec wants to merge 5 commits intoblasthttp-integration-cleanfrom
add-virtualhost-module
Open

Rewrite vhost module as virtualhost with native blasthttp#2993
liquidsec wants to merge 5 commits intoblasthttp-integration-cleanfrom
add-virtualhost-module

Conversation

@liquidsec
Copy link
Copy Markdown
Contributor

@liquidsec liquidsec commented Mar 27, 2026
edited
Loading

Summary

Complete rewrite of the vhost module (now renamed to virtualhost). The old module was a thin wrapper around the ffuf Go binary for Host header fuzzing. The new module is a native Python implementation using blasthttp for all HTTP requests, with significantly expanded detection capabilities.

Requires #2992 (blasthttp integration). Supersedes #2672.

What changed from the old vhost module

Architecture:

  • No longer inherits from ffuf or shells out to any external binary
  • All HTTP requests go through self.helpers.request() with resolve_ip for DNS pinning
  • Uses blasthttp cert_info for certificate SAN extraction
  • Response comparison via simhash instead of ffuf size/word/line filters

New detection capabilities:

  • Wildcard detection via single-character hostname mutation
  • Canary consistency re-verification before emitting results
  • Keyword-based wildcard filtering
  • Certificate SAN extraction via blasthttp cert_info
  • Interesting default content reporting
  • HTTPS virtual host support via SNI control with resolve_ip
  • Configurable simhash similarity threshold (default 0.8)

Event changes:

  • Produces VIRTUAL_HOST (was VHOST), DNS_NAME_UNVERIFIED, and HTTP_RESPONSE
  • Detailed descriptions with status code, title, size, IP, accessibility

Renamed: vhost -> virtualhost, VHOST -> VIRTUAL_HOST, deadly flag removed

@liquidsec liquidsec changed the title Add virtualhost module for virtual host discovery Rewrite vhost module as virtualhost with native blasthttp Mar 27, 2026
@liquidsec liquidsec mentioned this pull request Mar 27, 2026
Closed
@liquidsec
Add virtualhost module for virtual host discovery
fecac39 
Brute-forces virtual hosts via HTTP Host headers and HTTPS SNI,
with wildcard detection, canary consistency checks, keyword-based
filtering, certificate SAN extraction, and mutation generation.
Uses blasthttp resolve_ip for DNS pinning.
@liquidsec liquidsec force-pushed the add-virtualhost-module branch from 07dfd28 to fecac39 Compare March 27, 2026 18:49
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 27, 2026
edited
Loading

📊 Performance Benchmark Report

Comparing blasthttp-integration-clean (baseline) vs add-virtualhost-module (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name 📏 Base 📏 Current 📈 Change 🎯 Status
Bloom Filter Dns Mutation Tracking Performance 4.10ms 4.15ms +1.2%
Bloom Filter Large Scale Dns Brute Force 19.08ms 26.30ms +37.8% 🔴🔴🔴 ⚠️
Large Closest Match Lookup 344.40ms 357.45ms +3.8%
Realistic Closest Match Workload 186.66ms 187.99ms +0.7%
Event Memory Medium Scan 1771 B/event 1772 B/event +0.0%
Event Memory Large Scan 1757 B/event 1760 B/event +0.2%
Event Validation Full Scan Startup Small Batch 399.55ms 425.60ms +6.5%
Event Validation Full Scan Startup Large Batch 556.45ms 590.30ms +6.1%
Make Event Autodetection Small 30.40ms 30.71ms +1.0%
Make Event Autodetection Large 310.94ms 312.49ms +0.5%
Make Event Explicit Types 13.59ms 13.60ms +0.0%
Excavate Single Thread Small 3.920s 3.939s +0.5%
Excavate Single Thread Large 9.465s 9.437s -0.3%
Excavate Parallel Tasks Small 4.089s 4.089s +0.0%
Excavate Parallel Tasks Large 7.252s 7.204s -0.6%
Is Ip Performance 3.16ms 3.16ms +0.1%
Make Ip Type Performance 11.37ms 11.46ms +0.8%
Mixed Ip Operations 4.44ms 4.51ms +1.5%
Scan Throughput 100 4.649s 4.664s +0.3%
Scan Throughput 1000 37.508s 36.983s -1.4%
Typical Queue Shuffle 63.53µs 63.36µs -0.3%
Priority Queue Shuffle 723.97µs 728.12µs +0.6%

🎯 Performance Summary

! 1 regression ⚠️
  21 unchanged ✅

🔍 Significant Changes (>10%)

  • Bloom Filter Large Scale Dns Brute Force: 37.8% 🐌 slower

🐍 Python Version 3.11.15

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 27, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 83.91608% with 138 lines in your changes missing coverage. Please review.
✅ Project coverage is 91%. Comparing base (294dedb) to head (5ebe7d1).

Files with missing lines Patch % Lines
bbot/modules/virtualhost.py 71% 126 Missing ⚠️
...est_step_2/module_tests/test_module_virtualhost.py 98% 12 Missing ⚠️
Additional details and impacted files 
@@                     Coverage Diff                      @@
##           blasthttp-integration-clean   #2993    +/-   ##
============================================================
- Coverage                           91%     91%    -0%     
============================================================
  Files                              440     442     +2     
  Lines                            37570   38428   +858     
============================================================
+ Hits                             34078   34798   +720     
- Misses                            3492    3630   +138

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@liquidsec