hcraft - HTTP Vuln Request Crafter
hcraft is a HTTP systems penetration testing tool designed to make
exploitation of known vulnerabilities in HTTP systems a dynamic, simple
process. hcraft is intended to help take the details out of executing HTTP
based attacks that require you to specially craft an HTTP request. By
defining a modeline for a given vulnerability in the modes file you can
instruct hcraft in how the HTTP request should be constructed, then use the
tool to select the appropriate mode and include the dynamic parts of the
attack such as target host, port, and the filename to retrieve or the command
to execute.
hcraft was originally designed to be primarily used for arbitrary
file disclosure or command execution vulnerabilities, however it can also be
used for cross-site-scripting and sql-injection attacks if the modeline for
the vulnerability is carefully designed.
Download
|
