|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] CAU - New Tool: hcraft - HTTP Vuln Request Crafter
From: I)ruid (druid
caughq.org)
Date: Tue Apr 19 2005 - 10:13:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
,o0S$S0o, ,o0S$S0o, $, ,$
$$$'`$$ý' $$' `$$$ $$o o$$
$$$ $' `$ $$$ $$$ $$$
$$$ $$$ $$$ $$$
,o0$0ý' $$$ ,o0S$0$$$ $$$ $$$ `ý0$0o,
$$$ $, $$$' `$$$ $$$ $$$
$$$,,$$o, $$$, ,$$$ $$$,,$$$
`ý0S$S0ý' `ý0S$S0$$, `ý0SS0ý'
- -- Tools Release -- -
hcraft - HTTP Vuln Request Crafter
hcraft is a HTTP systems penetration testing tool designed to make
exploitation of known vulnerabilities in HTTP systems a dynamic, simple
process. hcraft is intended to help take the details out of executing
HTTP- based attacks that require you to specially craft an HTTP request.
By defining a modeline for a given vulnerability in the modes file you
can instruct hcraft in how the HTTP request should be constructed, then
use the tool to select the appropriate mode and include the dynamic
parts of the attack such as target host, port, and the filename to
retrieve or the command to execute.
hcraft was originally designed to be primarily used for arbitrary file
disclosure or command execution vulnerabilities, however it can also be
used for cross-site-scripting and sql-injection attacks if the modeline
for the vulnerability is carefully designed.
You can find the debut version of hcraft at the following URL:
http://druid.caughq.org/projects/hcraft/
--
I)ruid, C²ISSP
druidcaughq.org
http://druid.caughq.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQBCZSAAnMFU55olWl8RAoJSAJ4iFhqQZA+uB20jUECkjyZ3BAj/EgCfRhN4
5GsR1v9yCEH600CFrd0NH8g=
=DJ4Q
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]