httpAlive – URL Analysis Tool For Web Application Penetration Test

Discover ‘httpAlive,’ a powerful URL analysis tool designed for web application penetration testing.

With features like user-agent rotation, multithreading, and colorized output, this versatile tool efficiently probes for alive subdomains and URLs. In this article, we’ll explore its capabilities, installation, and usage, empowering you with a valuable asset for enhancing your web application security assessments.

Overview

• The “httpAlive” tool is designed to efficiently probe for alive subdomains and URLs from a provided list.
• It includes features such as user-agent rotation, colorized output, multithreading, and a command-line interface (CLI) for ease of use.
• Works in all platforms.

Features

1. User-Agent Rotation:
   • Randomly selects a user agent from a predefined list for each HTTP request to avoid detection.
2. Colorized Output:
   • Utilizes the colorama library to provide colorized and visually appealing output.
3. Multithreading:
   • Implements multithreading using Python’s concurrent.futures module for concurrent execution of HTTP requests.
4. HTTP Client:
   • Utilizes the httpx library as the HTTP client with SSL certificate verification disabled.
5. Command-Line Interface (CLI):
   • Accepts command-line arguments through the argparse module for easy configuration.
6. Output File:
   • Saves results to an output file specified by the user (default: “httpAlive_output.txt”).
7. Banner Display:
   • Displays a colorful banner at the beginning with information about the tool, author, and GitHub profile.
8. Exception Handling:
   • Includes exception handling to gracefully handle interruptions, such as KeyboardInterrupt.

Installation

• Clone the repository to your local machine.

Method 1

git clone https://github.com/aashish36/httpAlive.git

cd httpAlive

pip install -r requirements.txt

Method 2

git clone https://github.com/aashish36/httpAlive.git

cd httpAlive

pip install .

httpAlive help:

██╗░░██╗████████╗████████╗██████╗░░░░░░░░█████╗░██╗░░░░░██╗██╗░░░██╗███████╗
██║░░██║╚══██╔══╝╚══██╔══╝██╔══██╗░░░░░░██╔══██╗██║░░░░░██║██║░░░██║██╔════╝
███████║░░░██║░░░░░░██║░░░██████╔╝█████╗███████║██║░░░░░██║╚██╗░██╔╝█████╗░░
██╔══██║░░░██║░░░░░░██║░░░██╔═══╝░╚════╝██╔══██║██║░░░░░██║░╚████╔╝░██╔══╝░░
██║░░██║░░░██║░░░░░░██║░░░██║░░░░░░░░░░░██║░░██║███████╗██║░░╚██╔╝░░███████╗
╚═╝░░╚═╝░░░╚═╝░░░░░░╚═╝░░░╚═╝░░░░░░░░░░░╚═╝░░╚═╝╚══════╝╚═╝░░░╚═╝░░░╚══════╝
      
        Author   : Aashish
                                              
        Github   : https://github.com/aashish36
          
        httpAlive is a tool designed to efficiently probe for alive subdomains and Urls from a provided list.


usage: httpalive-Mark9.py [-h] -l list [-o output] [-c CONCURRENCY] [-t THREADS]

options:

  -h, --help            show this help message and exit.

  -l list, --DomainList list
                        [INFO]: List of Subdomains or URLs.

  -o output, --output output
                        [INFO]: File to save our output.

  -c CONCURRENCY, --concurrency CONCURRENCY
                        [INFO]: Concurrency level to make fast process.

  -t THREADS, --threads THREADS
                        [INFO]: Threading level to make fast process.

Usage

• Create a file containing that contains list of URLs or subdoamins or both and give to httpAlive. The output contains status codes and content length.
• This python code will save the results of the analysis to a file named ‘output.txt’.
• Run the script with urls or subdomain list.

Note

• Do not give more threads. It might cause Race Condition

Method 1

python ./httpAlive/httpAlive -l subdomainList.txt

Method 2

httpAlive -l subdomainList.txt