HExHTTP is a specialized tool designed to test and analyze HTTP headers to identify vulnerabilities and uncover interesting behaviors in web servers.
It is particularly useful for security analysts and penetration testers, offering a range of features to explore potential weaknesses in HTTP implementations.
HExHTTP provides several functionalities for HTTP header analysis, including:
HExHTTP can be installed via Python or Docker:
pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/' docker build -t hexhttp:latest .
docker run --rm -it --net=host -v "$PWD:/hexhttp/" hexhttp:latest -u 'https://target.tld/'The tool supports various command-line options for flexible testing:
./hexhttp.py -u 'https://target.tld/'./hexhttp.py -b -f domains.lst./hexhttp.py --header 'Foo: bar' --auth 'user:passwd' -u 'https://target.tld/'HExHTTP can detect vulnerabilities like cache poisoning on public targets, such as Web Security Academy’s labs. For instance, it can confirm cache poisoning by analyzing unkeyed headers.
The tool is actively developed with planned enhancements such as mobile user-agent support, false positive filtering, and additional output formats (e.g., JSON). Contributions are welcome via pull requests on its GitHub repository.
HExHTTP is based on cutting-edge research in HTTP header exploitation and web cache vulnerabilities, making it a valuable asset for web security professionals.
What is a Software Supply Chain Attack? A software supply chain attack occurs when a…
When people ask how UDP works, the simplest answer is this: UDP sends data quickly…
Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…
A large-scale malware campaign leveraging AI-assisted development techniques has been uncovered, revealing how attackers are…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
People trying to securely connect to work are being tricked into doing the exact opposite.…