HExHTTP is a specialized tool designed to test and analyze HTTP headers to identify vulnerabilities and uncover interesting behaviors in web servers.
It is particularly useful for security analysts and penetration testers, offering a range of features to explore potential weaknesses in HTTP implementations.
HExHTTP provides several functionalities for HTTP header analysis, including:
HExHTTP can be installed via Python or Docker:
pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/' docker build -t hexhttp:latest .
docker run --rm -it --net=host -v "$PWD:/hexhttp/" hexhttp:latest -u 'https://target.tld/'The tool supports various command-line options for flexible testing:
./hexhttp.py -u 'https://target.tld/'./hexhttp.py -b -f domains.lst./hexhttp.py --header 'Foo: bar' --auth 'user:passwd' -u 'https://target.tld/'HExHTTP can detect vulnerabilities like cache poisoning on public targets, such as Web Security Academy’s labs. For instance, it can confirm cache poisoning by analyzing unkeyed headers.
The tool is actively developed with planned enhancements such as mobile user-agent support, false positive filtering, and additional output formats (e.g., JSON). Contributions are welcome via pull requests on its GitHub repository.
HExHTTP is based on cutting-edge research in HTTP header exploitation and web cache vulnerabilities, making it a valuable asset for web security professionals.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…