mr-medi / HostPanic

Licence: MIT license
Find host header injections and perform Host header attacks together with other kinds of bugs, such as web cache poisoning

Programming Languages

python

HostPanic

Hacking tool to find host header injections and escalate them with other kinds of vulnerabilities, such as web cache poisoning.

Feel free to contact me (@medi_0ne) for any suggestions or any help using this tool.

Attack Example

I will share some examples soon about how to approach it.

Installation

# Clone the repo
git clone https://github.com/mr-medi/HostPanic.git

Running the tests

python3 main.py -u https://www.google.com/ -v

Break down into end to end tests

The first thing is to enter a URL or domain. With this data the script generates a series of payloads to test, and if any of them finds a host header injection in the HTTP headers or in the HTML returned by the server, the result is printed in the terminal.

Let's take an example:

I enter the URL "https://www.google.com/" as seen in the previous example.

The script sends GET requests with different Host headers, for example a port injection like the HTTP header 'Host: domain:22'. If the domain uses that header, without sanitizing it, to construct the absolute URL of any link it generates, then you can try to poison that request with the reflected input as the Host header and perform a responsible DoS attack that leaves users without access to that link.

In the next image you can see the successful result of a port injection in the Host header on Google: Index page
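
The server-side counterpart to the port-injection case above, as an added example that is not part of HostPanic: a link builder that echoes the Host header, next to one that validates the header against an allow-list and builds URLs from a configured origin. The host names, ports and function names are assumptions chosen for illustration.

```python
# Added example, not HostPanic code. Names and values below are constructed.
ALLOWED_HOSTS = {"www.example.com", "example.com"}   # assumption: names we serve
ALLOWED_PORTS = {None, 443}                          # assumption: HTTPS only
CANONICAL_ORIGIN = "https://www.example.com"         # assumption: configured origin


def build_link_unsafe(host_header, path):
    """Pattern the scanner detects: the Host header is copied into a URL."""
    return f"https://{host_header}{path}"


def parse_host(host_header):
    """Return (hostname, port or None), or None if the value is malformed."""
    value = host_header.strip().lower()
    # Reject empty values, URL metacharacters, whitespace and IPv6 literals.
    if not value or value.startswith("[") or any(c in value for c in "/@\\?# \t\r\n"):
        return None
    name, sep, port = value.partition(":")
    if not sep:
        return name.rstrip("."), None
    if not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        return None
    return name.rstrip("."), int(port)


def host_is_allowed(host_header):
    """True only for an expected name on an expected port."""
    parsed = parse_host(host_header)
    return parsed is not None and parsed[0] in ALLOWED_HOSTS and parsed[1] in ALLOWED_PORTS


def build_link_safe(host_header, path):
    """Refuse unexpected hosts and never copy the header into the output."""
    if not host_is_allowed(host_header):
        raise ValueError("unexpected Host header")
    return CANONICAL_ORIGIN + path


if __name__ == "__main__":
    for header in ("www.example.com", "www.example.com:22", "192.168.0.1"):
        print(header, "->", "accept" if host_is_allowed(header) else "reject")
```

A response that passes through `build_link_safe` never contains the injected port, so a cache in front of the application cannot store a link built from it.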

USAGE:

[*] NORMAL MODE
python3 main.py -u <URL>

[*] NORMAL MODE + VERBOSE (Print HTTP headers of response)
python3 main.py -u <URL> -v

[*] NORMAL MODE + TEST LOCAL IP RANGE IN HOST HEADER (The following example will do 254 requests from 192.168.0.1 to 192.168.0.255)
python3 main.py -u <URL> -r "192.168.0."

[*] NORMAL MODE + ADD COOKIES TO EACH REQUEST
python3 main.py -u <URL> -c "Mycookie1=1;MyEvilcookie2=2"

Authors

  • Mr.Medi

Special Thanks

This work is inspired by the following excellent research:

TODO

  • Test for Web Cache Poisoning attacks and try to escalate all the host header injections found
  • Create a client to test for DNS pingbacks
  • Export results to a JSON file
  • Let users supply their own list of payloads for the Host header
  • Comment and refactor the code