Closed
Description
HTTPS is broken because python-requests is handed the target, not the entry from the wordlist. This is fine for non-TLS sites, but breaks SNI.
The downside to handing the wordlist entry over is that python-requests will use the system resolver and go to where that points instead of the specified target.
Using -b (BASE_HOST) is also broken for HTTPS.
I believe it can be made to work with monkey patching as per here:
https://stackoverflow.com/questions/22609385/python-requests-library-define-specific-dns