Virtual host enumeration with ffuf on Kali
Virtual hosts

A single server can serve multiple websites, which means one IP address can correspond to multiple domain names. Virtual hosts can be set up by domain name or by port; this article covers only name-based virtual hosts. The goal is to find the virtual hosts configured on a host, if there are any.

Enumeration needs a wordlist. Look for one on Kali, first changing to the wordlist directory:

    cd /usr/share/wordlists/
    find -L . -name '*subdomain*' -exec ls -l {} \;

-L makes find search inside directories reached through symbolic links. By default, find does not recurse into the directory a symbolic link points to.

Fuzzing

example.com has already been added to /etc/hosts.

    ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "host: FUZZ.example.com" -u http://IPaddress -fc 403,404

Then filter out most of the redirect or error pages. For example, filter out the pages whose count is 3598, using -fw, which filters on the number of words in the response:

    ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "host: FUZZ.example.com" -u http://192.168.1.100 -fc 403,404 -fw 3598
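On the server side, the Host-header fuzzing above shows up as one client requesting the same IP under many different Host values. The following is an added example, not part of the original post, that flags such clients in an access log; the log layout, the function names detect_vhost_enum and sample_log, the threshold and the sample addresses are all assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# Assumed access-log layout, one request per line:
#   client_ip "host_header" status body_bytes
# e.g. nginx: log_format vhost '$remote_addr "$http_host" $status $body_bytes_sent';

# detect_vhost_enum THRESHOLD   (log is read from stdin)
# Prints "client_ip distinct_hosts total_requests" for every client whose
# number of distinct Host values is at least THRESHOLD.
detect_vhost_enum() {
    awk -v threshold="$1" '
        {
            ip = $1
            host = tolower($2)
            gsub(/"/, "", host)          # strip the quotes around the header
            sub(/:[0-9]+$/, "", host)    # ignore an explicit port
            total[ip]++
            if (!((ip, host) in seen)) { # count each Host once per client
                seen[ip, host] = 1
                distinct[ip]++
            }
        }
        END {
            for (ip in distinct)
                if (distinct[ip] >= threshold)
                    print ip, distinct[ip], total[ip]
        }
    ' | sort
}

# Constructed sample log: 10.0.0.5 walks a wordlist, 10.0.0.9 browses normally.
sample_log() {
    cat <<'EOF'
10.0.0.5 "www.example.com" 200 3598
10.0.0.5 "mail.example.com" 200 3598
10.0.0.5 "dev.example.com" 200 3598
10.0.0.5 "admin.example.com" 200 812
10.0.0.5 "test.example.com" 404 153
10.0.0.5 "ftp.example.com" 403 162
10.0.0.5 "WWW.example.com:80" 200 3598
10.0.0.9 "www.example.com" 200 3598
10.0.0.9 "example.com" 200 3598
10.0.0.9 "www.example.com" 200 3598
EOF
}

sample_log | detect_vhost_enum 5    # prints: 10.0.0.5 6 7
```

The threshold should sit above the number of hostnames a legitimate client normally uses against the server; a 5000-entry wordlist run exceeds any realistic value by orders of magnitude.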