HTTPLoot : An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages

HTTPLoot is an automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage: To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source code yourself, you …

Whatweb – A Scanning Tool to Find Security Vulnerabilities in Web App

Whatweb is the perfect name for this tool. Simply put, it answers the question, "What is that website?" Whatweb can identify all sorts of information about a live website. Whatweb offers both passive scanning and aggressive testing. Passive scanning just extracts data from HTTP headers, simulating a normal visit. Aggressive options go deeper with recursion …

Forbidden : Bypass 4xx HTTP Response Status Codes

Forbidden is a tool to bypass 4xx HTTP response status codes. It is based on PycURL. The script uses multithreading and is based on brute forcing, so it might produce some false positives. The script uses colored output. Results are sorted by HTTP response status code ascending, content length descending, and ID ascending. To filter out false positives, check each content length …

Pathprober : Probe And Discover HTTP Pathname Using Brute-Force Methodology And Filtered By Specific Word Or 2 Words At Once

Pathprober probes and discovers HTTP pathnames using a brute-force methodology, filtered by a specific word or two words at once. Brute-forcing website directories or HTTP pathnames and validating them by HTTP response code alone is not sufficient anymore. This tool will help you perform a penetration test, because it can validate the directories using a specific word …

SharpWebServer : HTTP And WebDAV Server With Net-NTLM Hashes Capture Functionality

SharpWebServer is a Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. It is intended for serving payloads on compromised machines for lateral movement purposes. Requires .NET Framework 4.5 and the System.Net and System.Net.Sockets references. Usage: ":: SharpWebServer :: a Red Team oriented C# Simple HTTP Server with Net-NTLMv1/2 hashes capture functionality. Authors: – Can Güney Aksakalli …

HTTP_Bridge : Send TCP Stream Packets Over Simple HTTP Request

HTTP_Bridge is a tool composed of two parts, the server and a client. Server: The server is just a PHP file with some logic to keep stateful connections using TCP sockets and handle the incoming HTTP requests; for now this logic only works on Linux servers. I've tested it with apache+mod_php, nginx+php-fpm …

h2cSmuggler : HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up for a technical breakdown of the vulnerability, insecure-by-default services, and remediation guidance, here: https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c How to test? Any proxy endpoint that forwards h2c upgrade …

Pivotnacci : A Tool To Make Socks Connections Through HTTP Agents

Pivotnacci lets you pivot into the internal network by deploying HTTP agents. It allows you to create a SOCKS server which communicates with the HTTP agents. This tool was inspired by the great reGeorg; however, it includes some improvements: support for balanced servers, a customizable polling interval (useful to reduce detection rates), auto drop …

httpgrep : Scans HTTP Servers To Find Given Strings In URIs

httpgrep is a Python tool which scans HTTP servers and finds given strings in the HTTP body and HTTP response headers. Running `httpgrep -H` prints the banner `--== [ by nullsecurity.net ] ==--` followed by the usage: `httpgrep -h <hosts|file> -s <string> [opts]`. Options: `-h <hosts|file>` – single host, host-range/CIDR-range, or file containing hosts, e.g.: foobar.net, 192.168.0.1-192.168.0.254, 192.168.0.0/24, /tmp/hosts.txt; `-p <port>` – port to connect …

FProbe : Domains/Subdomains & Probe For Working Http/Https Server

FProbe is a tool that takes a list of domains/subdomains and probes for working HTTP/HTTPS servers. Installation: GO111MODULE=on go get -u github.com/theblackturtle/fprobe Features: takes a list of domains/subdomains and probes for working HTTP/HTTPS servers; optimizes RAM and CPU usage at runtime; supports specific ports for each domain; verbose output in JSON format with some additional headers, such as …