hfuzz is a powerful tool to fuzzing host header in three method using ffuf tool.
- host:
<word> - host:
<word>.domain.tld - host:
<subdomain>
- ffuf
- Run
chmod +x hfuzz.sh ./hfuzz.sh ./hfuzz.sh -i IP -d domain.tld -w wordlist.txt -S subdomain.txt
[-d (domain just for append mode)]
[-s (For TLS (By default, the scheme is http) )] {-i|-I} [-w wordlist] [-S] [-t] [-m] [-f]
[-i (just a single IP -> 1.2.3.4)]
[-I (a list of IP -> ip.txt)]
[-w (a wordlist -> words.txt)]
[-S (a wordlist of subdomains -> subdomains.txt)]
[-t thread]
[-m match-codes]
[-f filter-codes]