lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue Apr 19 16:13:17 2005
From: druid at caughq.org (I)ruid)
Subject: CAU - New Tool: hcraft - HTTP Vuln Request Crafter

                       ,o0S$S0o, ,o0S$S0o,  $,    ,$
                       $$$'`$$?' $$'  `$$$  $$o  o$$
                       $$$  $'   `$    $$$  $$$  $$$
                       $$$             $$$  $$$  $$$
               ,o0$0?' $$$       ,o0S$0$$$  $$$  $$$ `?0$0o,
                       $$$  $,   $$$' `$$$  $$$  $$$
                       $$$,,$$o, $$$, ,$$$  $$$,,$$$
                       `?0S$S0?' `?0S$S0$$, `?0SS0?'

                          - -- Tools Release -- -

                     hcraft - HTTP Vuln Request Crafter

hcraft is a HTTP systems penetration testing tool designed to make
exploitation of known vulnerabilities in HTTP systems a dynamic, simple
process. hcraft is intended to help take the details out of executing
HTTP- based attacks that require you to specially craft an HTTP request.
By defining a modeline for a given vulnerability in the modes file you
can instruct hcraft in how the HTTP request should be constructed, then
use the tool to select the appropriate mode and include the dynamic
parts of the attack such as target host, port, and the filename to
retrieve or the command to execute.

hcraft was originally designed to be primarily used for arbitrary file
disclosure or command execution vulnerabilities, however it can also be
used for cross-site-scripting and sql-injection attacks if the modeline
for the vulnerability is carefully designed.

You can find the debut version of hcraft at the following URL:

http://druid.caughq.org/projects/hcraft/

-- 
I)ruid, C?ISSP
druid@...ghq.org
http://druid.caughq.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050419/92c03054/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ