HExHTTP is a specialized tool designed to test and analyze HTTP headers to identify vulnerabilities and uncover interesting behaviors in web servers.
It is particularly useful for security analysts and penetration testers, offering a range of features to explore potential weaknesses in HTTP implementations.
HExHTTP provides several functionalities for HTTP header analysis, including:
HExHTTP can be installed via Python or Docker:
pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/' docker build -t hexhttp:latest .
docker run --rm -it --net=host -v "$PWD:/hexhttp/" hexhttp:latest -u 'https://target.tld/'The tool supports various command-line options for flexible testing:
./hexhttp.py -u 'https://target.tld/'./hexhttp.py -b -f domains.lst./hexhttp.py --header 'Foo: bar' --auth 'user:passwd' -u 'https://target.tld/'HExHTTP can detect vulnerabilities like cache poisoning on public targets, such as Web Security Academy’s labs. For instance, it can confirm cache poisoning by analyzing unkeyed headers.
The tool is actively developed with planned enhancements such as mobile user-agent support, false positive filtering, and additional output formats (e.g., JSON). Contributions are welcome via pull requests on its GitHub repository.
HExHTTP is based on cutting-edge research in HTTP header exploitation and web cache vulnerabilities, making it a valuable asset for web security professionals.
NimPlant C2 is a minimal Proof-of-Concept (PoC) beacon written in C, designed to operate as…
The Embedded USB Debugger (EUD) is a sophisticated tool developed by Qualcomm to enhance the…
Unleashed Recompiled is an unofficial PC port of Sonic Unleashed, created through the process of…
XenonRecomp is a powerful tool designed to convert Xbox 360 executables into C++ code, allowing…
Research publications often introduce innovative tools and methodologies to address complex challenges in technology and…
Ensuring the security of Solana smart contracts is crucial to prevent exploits and maintain the…