New Tool: hcraft – HTTP Vuln Request Crafter

hcraft is a HTTP systems penetration testing tool designed to make exploitation of known vulnerabilities in HTTP systems a dynamic, simple process. hcraft is intended to help take the details out of executing HTTP- based attacks that require you to specially craft an HTTP request. By defining a modeline for a given vulnerability in the modes file you can instruct hcraft in how the HTTP request should be constructed, then use the tool to select the appropriate mode and include the dynamic parts of the attack such as target host, port, and the filename to retrieve or the command to execute.

hcraft was originally designed to be primarily used for arbitrary file disclosure or command execution vulnerabilities, however it can also be used for cross-site-scripting and sql-injection attacks if the modeline for the vulnerability is carefully designed.

You can find the debut version of hcraft at the following URL:

http://druid.caughq.org/projects/hcraft/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: