hcraft is a HTTP systems penetration testing tool designed to make exploitation of known vulnerabilities in HTTP systems a dynamic, simple process. hcraft is intended to help take the details out of executing HTTP based attacks that require you to specially craft an HTTP request. By defining a modeline for a given vulnerability in the modes file you can instruct hcraft in how the HTTP request should be constructed, then use the tool to select the appropriate mode and include the dynamic parts of the attack such as target host, port, and the filename to retrieve or the command to execute.
hcraft was originally designed to be primarily used for arbitrary file disclosure or command execution vulnerabilities, however it can also be used for cross-site-scripting and sql-injection attacks if the modeline for the vulnerability is carefully designed.
hcraft can be used as black box or white box web application security testing tool. Once you know how to use it or develop a framework hcraft can be used for audit web applications. We are working on the same. Once we build a stable work framework we intend to publish it so everyone can use it.
We need to compile it from source code as per our requirement we can use it under *nix or windows operating system.
Download hcraft version 1.0.0 here
Searches leading to this post:hcraft, http request craft, crafting http requests, hcraft backtrack, http request crafter, http request tool, http request test tool, http request test, craft custom http request tester, how to craft http requests, Hcraft web scanner, http request tool open source
You must log in to post a comment.