HExHTTP is a specialized tool designed to test and analyze HTTP headers to identify vulnerabilities and uncover interesting behaviors in web servers.
It is particularly useful for security analysts and penetration testers, offering a range of features to explore potential weaknesses in HTTP implementations.
HExHTTP provides several functionalities for HTTP header analysis, including:
HExHTTP can be installed via Python or Docker:
pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/' docker build -t hexhttp:latest .
docker run --rm -it --net=host -v "$PWD:/hexhttp/" hexhttp:latest -u 'https://target.tld/'The tool supports various command-line options for flexible testing:
./hexhttp.py -u 'https://target.tld/'./hexhttp.py -b -f domains.lst./hexhttp.py --header 'Foo: bar' --auth 'user:passwd' -u 'https://target.tld/'HExHTTP can detect vulnerabilities like cache poisoning on public targets, such as Web Security Academy’s labs. For instance, it can confirm cache poisoning by analyzing unkeyed headers.
The tool is actively developed with planned enhancements such as mobile user-agent support, false positive filtering, and additional output formats (e.g., JSON). Contributions are welcome via pull requests on its GitHub repository.
HExHTTP is based on cutting-edge research in HTTP header exploitation and web cache vulnerabilities, making it a valuable asset for web security professionals.
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…
Vim and Vi are among the most powerful text editors in the Linux world. They…
Working with compressed files is a common task for any Linux user. Whether you are…
In the digital era, an email address can reveal much more than just a contact…