httpAlive – URL Analysis Tool For Web Application Penetration Test

Discover ‘httpAlive,’ a powerful URL analysis tool designed for web application penetration testing.

With features like user-agent rotation, multithreading, and colorized output, this versatile tool efficiently probes for alive subdomains and URLs. In this article, we’ll explore its capabilities, installation, and usage, empowering you with a valuable asset for enhancing your web application security assessments.

Overview

The “httpAlive” tool is designed to efficiently probe for alive subdomains and URLs from a provided list.
It includes features such as user-agent rotation, colorized output, multithreading, and a command-line interface (CLI) for ease of use.
Works in all platforms.

Features

User-Agent Rotation:
- Randomly selects a user agent from a predefined list for each HTTP request to avoid detection.
Colorized Output:
- Utilizes the colorama library to provide colorized and visually appealing output.
Multithreading:
- Implements multithreading using Python’s concurrent.futures module for concurrent execution of HTTP requests.
HTTP Client:
- Utilizes the httpx library as the HTTP client with SSL certificate verification disabled.
Command-Line Interface (CLI):
- Accepts command-line arguments through the argparse module for easy configuration.
Output File:
- Saves results to an output file specified by the user (default: “httpAlive_output.txt”).
Banner Display:
- Displays a colorful banner at the beginning with information about the tool, author, and GitHub profile.
Exception Handling:
- Includes exception handling to gracefully handle interruptions, such as KeyboardInterrupt.

Installation

Clone the repository to your local machine.

Method 1


git clone https://github.com/aashish36/httpAlive.git

cd httpAlive

pip install -r requirements.txt

Method 2


git clone https://github.com/aashish36/httpAlive.git

cd httpAlive

pip install .

httpAlive help:


██╗░░██╗████████╗████████╗██████╗░░░░░░░░█████╗░██╗░░░░░██╗██╗░░░██╗███████╗
██║░░██║╚══██╔══╝╚══██╔══╝██╔══██╗░░░░░░██╔══██╗██║░░░░░██║██║░░░██║██╔════╝
███████║░░░██║░░░░░░██║░░░██████╔╝█████╗███████║██║░░░░░██║╚██╗░██╔╝█████╗░░
██╔══██║░░░██║░░░░░░██║░░░██╔═══╝░╚════╝██╔══██║██║░░░░░██║░╚████╔╝░██╔══╝░░
██║░░██║░░░██║░░░░░░██║░░░██║░░░░░░░░░░░██║░░██║███████╗██║░░╚██╔╝░░███████╗
╚═╝░░╚═╝░░░╚═╝░░░░░░╚═╝░░░╚═╝░░░░░░░░░░░╚═╝░░╚═╝╚══════╝╚═╝░░░╚═╝░░░╚══════╝
      
        Author   : Aashish
                                              
        Github   : https://github.com/aashish36
          
        httpAlive is a tool designed to efficiently probe for alive subdomains and Urls from a provided list.


usage: httpalive-Mark9.py [-h] -l list [-o output] [-c CONCURRENCY] [-t THREADS]

options:

  -h, --help            show this help message and exit.

  -l list, --DomainList list
                        [INFO]: List of Subdomains or URLs.

  -o output, --output output
                        [INFO]: File to save our output.

  -c CONCURRENCY, --concurrency CONCURRENCY
                        [INFO]: Concurrency level to make fast process.

  -t THREADS, --threads THREADS
                        [INFO]: Threading level to make fast process.

Usage

Create a file containing that contains list of URLs or subdoamins or both and give to httpAlive. The output contains status codes and content length.
This python code will save the results of the analysis to a file named ‘output.txt’.
Run the script with urls or subdomain list.

Note

Do not give more threads. It might cause Race Condition

Method 1

python ./httpAlive/httpAlive -l subdomainList.txt

Method 2

httpAlive -l subdomainList.txt

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.