HExHTTP is a specialized tool designed to test and analyze HTTP headers to identify vulnerabilities and uncover interesting behaviors in web servers.
It is particularly useful for security analysts and penetration testers, offering a range of features to explore potential weaknesses in HTTP implementations.
HExHTTP provides several functionalities for HTTP header analysis, including:
HExHTTP can be installed via Python or Docker:
pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/' docker build -t hexhttp:latest .
docker run --rm -it --net=host -v "$PWD:/hexhttp/" hexhttp:latest -u 'https://target.tld/'The tool supports various command-line options for flexible testing:
./hexhttp.py -u 'https://target.tld/'./hexhttp.py -b -f domains.lst./hexhttp.py --header 'Foo: bar' --auth 'user:passwd' -u 'https://target.tld/'HExHTTP can detect vulnerabilities like cache poisoning on public targets, such as Web Security Academy’s labs. For instance, it can confirm cache poisoning by analyzing unkeyed headers.
The tool is actively developed with planned enhancements such as mobile user-agent support, false positive filtering, and additional output formats (e.g., JSON). Contributions are welcome via pull requests on its GitHub repository.
HExHTTP is based on cutting-edge research in HTTP header exploitation and web cache vulnerabilities, making it a valuable asset for web security professionals.
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…