hcraft is an HTTP systems penetration testing tool designed to make exploitation of known vulnerabilities in HTTP systems a dynamic, simple process. hcraft is intended to take the detail work out of executing HTTP-based attacks that require a specially crafted HTTP request. By defining a modeline for a given vulnerability in the modes file, you instruct hcraft how the HTTP request should be constructed; you then use the tool to select the appropriate mode and supply the dynamic parts of the attack, such as the target host, the port, and the filename to retrieve or the command to execute.

hcraft was originally designed primarily for arbitrary file disclosure and command execution vulnerabilities; however, it can also be used for cross-site scripting and SQL injection attacks if the modeline for the vulnerability is carefully designed.
hcraft can be used as a black box or white box web application security testing tool. Once you know how to use it or develop a framework, hcraft can be used to audit web applications. We are working on the same. Once we build a stable work framework, we intend to publish it so everyone can use it.
We need to compile it from source code; as per our requirement, we can use it under a *nix or Windows operating system.
Download hcraft version 1.0.0 here