Cyber security

httpAlive – URL Analysis Tool For Web Application Penetration Test

Discover ‘httpAlive,’ a powerful URL analysis tool designed for web application penetration testing.

With features like user-agent rotation, multithreading, and colorized output, this versatile tool efficiently probes for alive subdomains and URLs. In this article, we’ll explore its capabilities, installation, and usage, empowering you with a valuable asset for enhancing your web application security assessments.

Overview

  • The “httpAlive” tool is designed to efficiently probe for alive subdomains and URLs from a provided list.
  • It includes features such as user-agent rotation, colorized output, multithreading, and a command-line interface (CLI) for ease of use.
  • Works in all platforms.

Features

  1. User-Agent Rotation:
    • Randomly selects a user agent from a predefined list for each HTTP request to avoid detection.
  2. Colorized Output:
    • Utilizes the colorama library to provide colorized and visually appealing output.
  3. Multithreading:
    • Implements multithreading using Python’s concurrent.futures module for concurrent execution of HTTP requests.
  4. HTTP Client:
    • Utilizes the httpx library as the HTTP client with SSL certificate verification disabled.
  5. Command-Line Interface (CLI):
    • Accepts command-line arguments through the argparse module for easy configuration.
  6. Output File:
    • Saves results to an output file specified by the user (default: “httpAlive_output.txt”).
  7. Banner Display:
    • Displays a colorful banner at the beginning with information about the tool, author, and GitHub profile.
  8. Exception Handling:
    • Includes exception handling to gracefully handle interruptions, such as KeyboardInterrupt.

Installation

  • Clone the repository to your local machine.

Method 1


git clone https://github.com/aashish36/httpAlive.git

cd httpAlive

pip install -r requirements.txt

Method 2


git clone https://github.com/aashish36/httpAlive.git

cd httpAlive

pip install .

httpAlive help:


██╗░░██╗████████╗████████╗██████╗░░░░░░░░█████╗░██╗░░░░░██╗██╗░░░██╗███████╗
██║░░██║╚══██╔══╝╚══██╔══╝██╔══██╗░░░░░░██╔══██╗██║░░░░░██║██║░░░██║██╔════╝
███████║░░░██║░░░░░░██║░░░██████╔╝█████╗███████║██║░░░░░██║╚██╗░██╔╝█████╗░░
██╔══██║░░░██║░░░░░░██║░░░██╔═══╝░╚════╝██╔══██║██║░░░░░██║░╚████╔╝░██╔══╝░░
██║░░██║░░░██║░░░░░░██║░░░██║░░░░░░░░░░░██║░░██║███████╗██║░░╚██╔╝░░███████╗
╚═╝░░╚═╝░░░╚═╝░░░░░░╚═╝░░░╚═╝░░░░░░░░░░░╚═╝░░╚═╝╚══════╝╚═╝░░░╚═╝░░░╚══════╝
      
        Author   : Aashish
                                              
        Github   : https://github.com/aashish36
          
        httpAlive is a tool designed to efficiently probe for alive subdomains and Urls from a provided list.


usage: httpalive-Mark9.py [-h] -l list [-o output] [-c CONCURRENCY] [-t THREADS]

options:

  -h, --help            show this help message and exit.

  -l list, --DomainList list
                        [INFO]: List of Subdomains or URLs.

  -o output, --output output
                        [INFO]: File to save our output.

  -c CONCURRENCY, --concurrency CONCURRENCY
                        [INFO]: Concurrency level to make fast process.

  -t THREADS, --threads THREADS
                        [INFO]: Threading level to make fast process.

Usage

  • Create a file containing that contains list of URLs or subdoamins or both and give to httpAlive. The output contains status codes and content length.
  • This python code will save the results of the analysis to a file named ‘output.txt’.
  • Run the script with urls or subdomain list.

Note

  • Do not give more threads. It might cause Race Condition

Method 1

python ./httpAlive/httpAlive -l subdomainList.txt

Method 2

httpAlive -l subdomainList.txt

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

2 hours ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

3 hours ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

22 hours ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

22 hours ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

22 hours ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

3 days ago