HTExploit
HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process. By using this tool anyone would be able to list the contents of a directory protected this way, bypassing the authentication process.
The tool is modular, allowing the tester to run a full analysis of the protected website for the following attacks: SQL Injection, Local File Inclusion, Remote File Inclusion and others.
The main characteristic of this tool is that all of the analyses performed are done inside the protected directory, not from the publicly accessible site.
HTExploit was presented and released at Black Hat USA 2012. It is now included in several security distributions, such as BackTrack 5 R3, Matriux Security and SamuraiWTF.
Features
- Multiple modules to execute.
- Save the output to a specified directory.
- HTML reporting.
- Use multiple wordlists to probe against htaccess bypassing.
- Verbose mode for fully detailed information.
- Recursive crawling engine.
Requirements
- Python