HTExploit

Description

HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way .htaccess files can be configured to protect a web directory with an authentication process. With this tool, anyone can list the contents of a directory protected this way, bypassing the authentication process.

The tool is modular, allowing the tester to analyze the protected website for SQL Injection, Local File Inclusion, Remote File Inclusion and other attacks.

The main characteristic of this tool is that all analyses are performed inside the protected directory, not from the publicly accessible site.
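
A defender-side check for the .htaccess weakness described above, added here as an example (it is not part of HTExploit or of the original page). The page does not name the misconfiguration; this assumes the commonly documented case in which the authentication requirement is wrapped in a `<Limit>` section, so it applies only to the listed HTTP methods and leaves other methods unauthenticated. The sample files and the `audit_htaccess` name are constructed for illustration.

```python
import re

# Constructed sample .htaccess contents (not from the page).
WEAK = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/apache2/.htpasswd
<Limit GET POST>
    Require valid-user
</Limit>
"""

HARDENED = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
"""

OPEN_RE = re.compile(r"^<\s*(Limit|LimitExcept)\b([^>]*)>", re.I)
CLOSE_RE = re.compile(r"^</\s*(Limit|LimitExcept)\s*>", re.I)
ACCESS_RE = re.compile(r"^(Require|Allow|Deny|Order|Satisfy)\b", re.I)


def audit_htaccess(text):
    """Return access-control directives that apply only to the methods a <Limit> lists."""
    findings = []
    block = None  # (start_line, methods) while inside a <Limit> section
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN_RE.match(line)
        if m:
            # <LimitExcept> covers every method NOT listed, so it is not flagged.
            if m.group(1).lower() == "limit":
                block = (lineno, m.group(2).split())
            continue
        if CLOSE_RE.match(line):
            block = None
            continue
        if block and ACCESS_RE.match(line):
            findings.append({"line": lineno, "directive": line,
                             "limit_line": block[0], "methods": block[1]})
    return findings


if __name__ == "__main__":
    for f in audit_htaccess(WEAK):
        print(f"line {f['line']}: '{f['directive']}' only covers {f['methods']}")
```

Removing the `<Limit>` wrapper, as in the `HARDENED` sample, makes the `Require` directive apply to every method and clears the finding.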

Usage

Syntax

htexploit -u [URL] [options]

Options

  -h, --help            show this help message and exit
  -m MODULE, --module=MODULE
                        Select the module to run (Default: detect)
  -u URL, --url=URL     **REQUIRED** - Specify the URL to scan
  -o OUTPUT, --output=OUTPUT
                        Specify the output directory
  -w WORDLIST, --wordlist=WORDLIST
                        Specify the wordlist to use
  -v, --verbose         Be verbose

Example

cyborg@cyborg:~$ sudo htexploit -u http://192.168.1.18/target

 _    _   _______   ______                  _           _   _   
| |  | | |__   __| |  ____|                | |         (_) | |  
| |__| |    | |    | |__    __  __  _ __   | |   ___    _  | |_ 
|  __  |    | |    |  __|   \ \/ / | '_ \  | |  / _ \  | | | __|
| |  | |    | |    | |____   >  <  | |_) | | | | (_) | | | | |_ 
|_|  |_|    |_|    |______| /_/\_\ | .__/  |_|  \___/  |_|  \__|
                                   | |                          
                                   |_|  v0.7b

[-] http://192.168.1.18/target seems exploitable. Enjoy :)

Would you like to run the ‘full’ scan module? [Y/n]

[+] Full Scan Completed.
[+] 6 files were downloaded, out of 721 (0% success rate). Report was saved in '/pentest/web/htexploit/htexploit-42270'



		
	
	