VHostScan Wordlists Documentation
August 17, 2025 ยท View on GitHub
This document describes the wordlists available in VHostScan. This is an enhanced version of the original project by Codingo with additional improvements and expanded wordlists.
Overview
VHostScan includes several specialized wordlists designed for different virtual host discovery scenarios. Each wordlist is optimized for specific use cases and environments.
Available Wordlists
1. cloud-modern.txt (NEW)
Size: ~1,200 entries
Purpose: Modern cloud services and container environments
Best for: AWS, Azure, GCP, Docker, Kubernetes environments
Contains:
- Cloud service subdomains (api, cdn, static, assets)
- Container orchestration endpoints
- Modern web architecture patterns
- Microservices naming conventions
Example usage:
python VHostScan.py -t example.com -w wordlists/cloud-modern.txt
2. common-vhosts.txt (ENHANCED)
Size: ~800 entries
Purpose: Most common virtual host patterns
Best for: General purpose scanning, initial reconnaissance
Contains:
- Standard subdomain patterns (www, mail, ftp, admin)
- Common service endpoints
- Legacy and modern naming conventions
- International variations
Example usage:
python VHostScan.py -t example.com -w wordlists/common-vhosts.txt
3. pentest-focused.txt (NEW)
Size: ~600 entries
Purpose: Penetration testing and security assessments
Best for: Security professionals, bug bounty hunters
Contains:
- Security-related endpoints
- Admin interfaces and panels
- Development and staging environments
- Testing and debugging interfaces
Example usage:
python VHostScan.py -t example.com -w wordlists/pentest-focused.txt
4. virtual-host-scanning.txt (ORIGINAL)
Size: ~1,000+ entries
Purpose: Comprehensive virtual host discovery
Best for: Thorough enumeration
Contains:
- Extensive subdomain list
- Various naming patterns
- Legacy system endpoints
5. simple.txt (ORIGINAL)
Size: ~100 entries
Purpose: Quick basic scanning
Best for: Fast initial checks
6. testing.txt (ORIGINAL)
Size: ~20 entries
Purpose: Development and testing
Best for: Local development, proof of concept
7. hackthebox.txt (ORIGINAL)
Size: ~50 entries
Purpose: CTF and HackTheBox challenges
Best for: Educational purposes, CTF competitions
Usage Recommendations
For Different Scenarios:
Quick Assessment:
python VHostScan.py -t target.com -w wordlists/simple.txt
General Purpose Scan:
python VHostScan.py -t target.com -w wordlists/common-vhosts.txt
Cloud Environment:
python VHostScan.py -t target.com -w wordlists/cloud-modern.txt
Security Assessment:
python VHostScan.py -t target.com -w wordlists/pentest-focused.txt
Comprehensive Scan:
python VHostScan.py -t target.com -w wordlists/virtual-host-scanning.txt
Combining Wordlists:
You can combine multiple wordlists for comprehensive coverage:
# Combine common and cloud wordlists
cat wordlists/common-vhosts.txt wordlists/cloud-modern.txt > combined.txt
python VHostScan.py -t target.com -w combined.txt
Wordlist Quality and Sources
Original Wordlists (by Codingo)
- Based on real-world penetration testing experience
- Curated from security assessments and bug bounty hunting
- Regularly updated based on community feedback
Enhanced Wordlists (Improvements)
- cloud-modern.txt: Based on modern cloud infrastructure patterns
- pentest-focused.txt: Specialized for security assessments
- common-vhosts.txt: Enhanced with additional common patterns
Quality Assurance
- All wordlists are deduplicated
- Entries are validated for common patterns
- Regular updates based on emerging technologies
Performance Considerations
| Wordlist | Entries | Scan Time* | Memory Usage |
|---|---|---|---|
| simple.txt | ~100 | < 1 min | Low |
| testing.txt | ~20 | < 30 sec | Very Low |
| common-vhosts.txt | ~800 | 2-5 min | Medium |
| pentest-focused.txt | ~600 | 2-4 min | Medium |
| cloud-modern.txt | ~1,200 | 3-6 min | Medium |
| virtual-host-scanning.txt | ~1,000+ | 5-10 min | High |
*Estimated scan times for typical targets with default settings
Custom Wordlists
You can create custom wordlists by:
- Creating a text file with one entry per line
- Using the format:
subdomain(without the domain) - Saving with
.txtextension in the wordlists directory
Example custom wordlist:
myapp
staging-api
dev-portal
internal-admin
Contributing
To contribute new wordlists or improve existing ones:
- Fork the repository
- Add your wordlist to the
VHostScan/wordlists/directory - Update this documentation
- Submit a pull request
Wordlist Guidelines:
- One entry per line
- No duplicate entries
- No comments or special characters
- Use lowercase for consistency
- Focus on real-world scenarios
Credits
- Original Project: Codingo - VHostScan creator
- Enhancements: Additional wordlists and improvements by the community
- Sources: Real-world penetration testing, bug bounty research, cloud infrastructure patterns
This is an enhanced version of VHostScan by Codingo with additional improvements and expanded wordlists for better virtual host discovery.