HTExploit-en modified by Maguey

Maguey — Wed, 11 Dec 2013 17:24:47 -0000

--- v1
+++ v2
@@ -7,70 +7,63 @@
 HTExploit
 

-Phase(s):1769242397
-Primary: Discovery.
+Phase(s):
+Primary: Exploitation.
 Secondary:  N/A.

 

 Description: 
-Tool that performs a vulnerability scan on web applications. It runs in two modes, the first one performs a spidering  of the web application and the second one uses dictionary based brute force attacks.
+Tool that leverages an improperly configured .htaccess file in Apache + PHP environments. It performs a scan by sending petitions with unrecognized HTTP methods to the Apache application server in order to gain access to restricted PHP files.

 

 Objective:
 
-Detect vulnerabilities on the web application.
+
Obtain PHP files to analyze their content.
 

 

 Features:
-Supported technologies: Web applications (HTTP).
+Supported technologies: Web applications (HTTP/HTTPS).

 Operative mode: Active.

 
-Detect vulnerabilities on the web application.
+Obtain PHP files to analyze their content.
 

-Performs a predefined and configurable spidering on the web application; configurations include domain on the scope, restricted URLs and parameters, etc.
-
dentify common vulnerabilities such as Cross Site Script, SQL Injection, Path Traversal, Information Disclosure, etc.
-
Provides a configurable dictionary base brute force attack functionality in order to detect commons resources such as administrative, default and test pages, files backups (.old), etc.
-
Has the capability to include self-defined dictionaries to be used on the brute force module.
-
+Sends petitions with unrecognized HTTP methods from a configurable base dictionary of common PHP file names.
+
Automated file download in HTML format from the detected PHP files.
+
Provides a report from the downloaded files.
 


 
 Reports:

 Output reports:  ✔
-

-Reports in HTML format which includes the visited URLS and detected vulnerabilities divided into three sections:
 

-URL: URLs detected by the spidering module.
-
Document type: URL categorization by content based on the response.
-
Detected vulnerabilities: URL groups by matching vulnerabilities.
-
+Report in HTML which includes the list of downloaded files.
 


 

 Basic usage:
-Realizar una ejecución con la lista por defecto de la herramienta. La siguiente instrucción inicia la ejecución.
+Perform a scan with the predefined data dictionary. The following instruction initiates the scan on the web application.

 
 ./htexploit -u [URL] -o [Directorio] –w [Directorio]/wordlist.txt 
 



 
-Dónde:
+Where:
 

--u: URL de la aplicación Web.
-
-o: Directorio donde se guarda el reporte.
-
-w: Lista de palabras que se utilizarán para la ejecución del escaneo. En caso de no estar definida en el comando se utiliza una lista por defecto.
+
-u: Web application URL address. 
+
-o: Report export path. 
+
-w: Data dictionary to be used for the scan. In case no dictionary is provided the tool will used the default dictionary.
 
 

-La herramienta comienza con una comprobación que identifica si la URL es vulnerable, después solicita confirmación para realizar un escaneo completo con la lista de palabras que se proporcionó en el comando.
+The tool will begin testing the provided URL in order to verify if it’s vulnerable to the exploit, in case it’s unsuccessful the tool will recommend running a full scan with a data dictionary.

 
 _    _   _______   ______                  _           _   _   

@@ -88,13 +81,13 @@
 Would you like to run the Full Scan module? [Y/n]: 

 



-La herramienta crea el directorio donde se guarda el reporte final y comienza a realizar el escaneo completo. 
+The tool then will create the directory for saving the report and downloaded files.

 
 [+] Creating report... 

 



-Cuando finaliza el escaneo, muestra un mensaje de los resultados obtenidos y la ruta donde se guardó el reporte.
+Then the scan is completed, the tool will display a successful message along the path of the exported results.

 
 [+] Scan completed.

@@ -105,7 +98,8 @@

 



-Ejemplo de reporte:
+Example report:
+
 
 [[img src=https://sourceforge.net/p/maguey/wiki/repo_img/attachment/HTExploit-01.jpg alt=image height=50% width=50%]]

HTExploit-en modified by Maguey

Maguey — Wed, 11 Dec 2013 16:33:25 -0000

Back Español

HTExploit

Phase(s):

1769242397
Primary: Discovery.
Secondary: N/A.

Description:

Tool that performs a vulnerability scan on web applications. It runs in two modes, the first one performs a spidering of the web application and the second one uses dictionary based brute force attacks.

Objective:

Detect vulnerabilities on the web application.

Features:

Supported technologies: Web applications (HTTP).

Operative mode: Active.

Detect vulnerabilities on the web application.

Performs a predefined and configurable spidering on the web application; configurations include domain on the scope, restricted URLs and parameters, etc.
dentify common vulnerabilities such as Cross Site Script, SQL Injection, Path Traversal, Information Disclosure, etc.
Provides a configurable dictionary base brute force attack functionality in order to detect commons resources such as administrative, default and test pages, files backups (.old), etc.
Has the capability to include self-defined dictionaries to be used on the brute force module.

Reports:
Output reports: ✔
Reports in HTML format which includes the visited URLS and detected vulnerabilities divided into three sections:

URL: URLs detected by the spidering module.
Document type: URL categorization by content based on the response.
Detected vulnerabilities: URL groups by matching vulnerabilities.

Basic usage:

Realizar una ejecución con la lista por defecto de la herramienta. La siguiente instrucción inicia la ejecución.

./htexploit -u [URL] -o [Directorio] –w [Directorio]/wordlist.txt

Dónde:

-u: URL de la aplicación Web.
-o: Directorio donde se guarda el reporte.
-w: Lista de palabras que se utilizarán para la ejecución del escaneo. En caso de no estar definida en el comando se utiliza una lista por defecto.

La herramienta comienza con una comprobación que identifica si la URL es vulnerable, después solicita confirmación para realizar un escaneo completo con la lista de palabras que se proporcionó en el comando.

_ _ _______ ______ _ _ _
| | | | |__ __| | ____| | | (_) | |
| |__| | | | | |__ __ __ _ __ | | ___ _ | |_
| __ | | | | __| \ \/ / | '_ \ | | / _ \ | | | __|
| | | | | | | |____ > < | |_) | | | | (_) | | | | |_
|_| |_| |_| |______| /_/\_\ | .__/ |_| \___/ |_| \__|
| |
|_| v0.77

[-] http://localhost/aplicacion// is probably NOT exploitable :(
[-] You should run the Full Scan module anyway, just in case.

Would you like to run the Full Scan module? [Y/n]:

La herramienta crea el directorio donde se guarda el reporte final y comienza a realizar el escaneo completo.

[+] Creating report...

Cuando finaliza el escaneo, muestra un mensaje de los resultados obtenidos y la ruta donde se guardó el reporte.

[+] Scan completed.
[+] 3 total files were downloaded, after 2 iteration(s)
[+] The final report file is in '/tools/explotation/htexploit-0.77/Rep_Miapp'

[x] Keep shopping at the HTExploit store! :)

Ejemplo de reporte:

Resources:

Link: http://www.htexploit.org
Author(s): Matias Katz
Contact: http://www.htexploit.org/contact.php
License: GNU GENERAL PUBLIC LICENSE Version 3

Recent changes to HTExploit-en

HTExploit-en modified by Maguey

HTExploit

Phase(s):

Phase(s):

Description:

Objective:

Features:

Basic usage:

HTExploit-en modified by Maguey

HTExploit

Phase(s):

Description:

Objective:

Features:

Basic usage:

Resources: