HTTPS is broken because python-requests is handed the target, not the entry from the wordlist. This is fine for non-TLS sites, but breaks SNI.

The downside to handing the wordlist entry over is that python-requests will use the system resolver and go to where that points instead of the specified target.

Using -b (BASE_HOST) is also broken for HTTPS.

I believe it can be made to work with monkey patching as per here:
https://stackoverflow.com/questions/22609385/python-requests-library-define-specific-dns