HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way .htaccess files can be configured to protect a web directory with an authentication process. Using this tool, anyone can list the contents of a directory protected in this way, bypassing the authentication process.
The tool is modular: it lets the tester run a full analysis of the protected website for attacks such as SQL Injection, Local File Inclusion and Remote File Inclusion.
The main characteristic of this tool is that all of the analyses are performed inside the protected directory, not from the publicly accessible site.
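The configuration weakness HTExploit relies on is the one Apache's own documentation warns about: authentication directives placed inside a <Limit> block apply only to the HTTP methods listed there, so requests using any other method reach the directory unauthenticated. The audit script below is an added example, not code from HTExploit or from this post; the two .htaccess samples it checks are constructed, and audit_htaccess is a hypothetical helper name.

```python
import re

# Constructed samples (not from the page). In the first, the Require directive
# is scoped to a <Limit GET POST> block, so Apache enforces it only for those
# two methods; in the second it sits at directory level and covers every method.
WEAK_HTACCESS = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /var/www/.htpasswd
<Limit GET POST>
    Require valid-user
</Limit>
"""

HARDENED_HTACCESS = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /var/www/.htpasswd
Require valid-user
"""

REQUIRE = re.compile(r"^\s*Require\b", re.I)
LIMIT_OPEN = re.compile(r"^\s*<Limit\s+([^>]+)>", re.I)   # <Limit ...> only
LIMIT_CLOSE = re.compile(r"^\s*</Limit>", re.I)           # not </LimitExcept>


def audit_htaccess(text):
    """Return findings as (line_no, methods, directive) tuples.

    A finding is a Require directive enforced only for the HTTP methods named
    by its enclosing <Limit> block, with no directory-level Require covering
    the remaining methods. <LimitExcept> blocks are deliberately not flagged:
    they apply to every method that is *not* listed, which is the safe form.
    """
    scoped, methods, covered_globally = [], None, False
    for no, line in enumerate(text.splitlines(), 1):
        m = LIMIT_OPEN.match(line)
        if m:
            methods = m.group(1).split()
        elif LIMIT_CLOSE.match(line):
            methods = None
        elif REQUIRE.match(line):
            if methods is None:
                covered_globally = True      # applies to all methods
            else:
                scoped.append((no, methods, line.strip()))
    return [] if covered_globally else scoped


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_HTACCESS), ("hardened", HARDENED_HTACCESS)):
        print(name, audit_htaccess(cfg))
```

The fix the audit points at is to move Require out of the <Limit> block (or use <LimitExcept>) so every HTTP method is authenticated.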
- Multiple modules to execute.
- Save the output to a specified directory.
- HTML reporting.
- Use multiple wordlists to probe for htaccess bypasses.
- Verbose mode for full detailed information.
First open BackTrack and follow this path:
Applications -> BackTrack -> Exploitation Tools -> Web Exploitation Tools -> htexploit
You can also do this manually. First open your BackTrack terminal and type:
python htexploit -u www.example.com
| Option | Description |
|---|---|
| -h, --help | Show this help message and exit |
| -m MODULE, --module=MODULE | Select the module to run (Default: detect) |
| -u URL, --url=URL | **REQUIRED** - Specify the URL to scan |
| -o OUTPUT, --output=OUTPUT | Specify the output directory |
| -w WORDLIST, --wordlist=WORDLIST | Specify the wordlist to use |
| -v, --verbose | Be verbose |
Domain Analyzer is a security analysis tool that automatically discovers and reports information about a given domain. Its main purpose is to analyze domains in an unattended way.
- It creates a directory with all the information, including nmap output files.
- It uses colors to highlight important information on the console.
- It detects some security problems such as hostname problems, unusual port numbers and zone transfers.
- It is heavily tested and very robust against DNS configuration problems.
- It uses nmap for active host detection, port scanning and version information (including nmap scripts).
- It searches SPF records for information that reveals new hostnames or IP addresses.
- It searches for reverse DNS names and compares them to the hostname.
- It prints out the country of every IP address.
- It creates a PDF file with the results.
- It automatically detects and analyzes sub-domains.
- It searches for the domain's email addresses.
- It checks the 192 most common hostnames against the DNS servers.
- It checks for zone transfer on every DNS server.
- It finds the reverse names of the /24 network range of every IP address.
- It finds active hosts using nmap's complete set of techniques.
- It scans ports using nmap.
- It searches for host and port information using nmap.
- It automatically detects the web servers used.
- It crawls every web server page using our Web Crawler Security Tool.
- It filters out hostnames based on their name.
- It pseudo-randomly searches N domains in Google and automatically analyzes them.
- Use CTRL-C to stop the current analysis stage and continue working.
First download Domain Security Analyzer from here and save it on your desktop.
Now untar the file: tar zxvf domainanalyzer.tar.gz
The bundled crawler can be run on its own:
./crawler.py -u www.hackingarticles.in
| Option | Description |
|---|---|
| -u, --url | URL to start crawling. |
| -m, --max-amount-to-crawl | Maximum depth to crawl, using a breadth-first algorithm. |
| -w, --write-to-file | Save a summary of the crawl to a text file. The output directory is created automatically. |
| -s, --subdomains | Also scan subdomains matching the URL's domain. |
| -r, --follow-redirect | Do not follow redirects. By default, redirection at the main URL is followed. |
| -f, --fetch-files | Download every file detected into the 'Files' directory. Overwrites existing content. |
| -F, --file-extension | Download files with the given comma-separated extensions. This option also activates 'fetch-files'. Ex.: -F pdf,xls,doc |
| -d, --docs-files | Download document files: xls, pdf, doc, docx, txt, odt, gnumeric, csv, etc. This option also activates 'fetch-files'. |
| -E, --exclude-extensions | Do not download files that match these extensions. Requires '-f', '-F' or '-d'. |
| -h, --help | Show this help message and exit. |
| -V, --version | Output version information and exit. |
| -v, --verbose | Be verbose. |
./domain_analyzer_v_0.5.py -d www.example.com
| Option | Description |
|---|---|
| -h, --help | Show this help message and exit. |
| -V, --version | Output version information and exit. |
| -d, --domain | Domain to analyze. |
| -j, --not-common-hosts-names | Do not check common host names. Quicker, but you will miss hosts. |
| -t, --not-zone-transfer | Do not attempt to transfer the zone. |
| -n, --not-net-block | Do not attempt to -sL each IP netblock. |
| -o, --store-output | Store everything in a directory named after the domain. Nmap output files and the summary are stored inside. |
| -a, --not-scan-or-active | Do not use nmap to scan ports or to search for active hosts. |
| -p, --not-store-nmap | Do not store any nmap output files in the directory <output-directory>/nmap. |
| -e, --zenmap | Move nmap XML files to a directory and open zenmap with the topology of the whole group. Your user must have access to the DISPLAY variable. |
| -g, --not-goog-mail | Do not use goog-mail.py (embedded) to look for email addresses for each domain. |
| -s, --not-subdomains | Do not analyze sub-domains recursively. You will lose subdomain internal information. |
| -f, --create-pdf | Create a PDF file with all the information. |
| -w, --not-webcrawl | Do not web crawl every web site (on every port) found when looking for public web misconfigurations (directory listing, etc.). |
| -m, --max-amount-to-crawl | If you crawl, do it up to this number of links for each web site. Defaults to 50. |
| -F, --download-files | If you crawl, do it up to this number of links for each web site. Defaults to 10. |
| -c, --not-countrys | Do not resolve the country name for every IP and hostname. |
| -q, --not-spf | Do not check SPF records. |
| -k, --random-domain | Find this number of domains from Google and analyze them. For the base domain. |
| -x, --nmap-scantype | Nmap parameters for the port scan. Defaults to: '-O --reason --webxml --traceroute' |
The backbone of thad0ctor's Backtrack 5 Toolkit is the Wordlist Toolkit, which contains a plethora of tools to create, modify, and manipulate word lists so that end users can strengthen their systems by testing their passwords against a variety of tools designed to expose their passphrases. In short, it is the ultimate tool for those looking to make a wide variety of word lists for dictionary-based and other brute force attacks.
The toolkit is designed with usability in mind for the Backtrack 5R2 Linux distro but will also work on BT5 R1 and other Ubuntu based distros if configured properly. The script is constantly updated with multiple revisions to include new cutting edge features and improvements in order to provide full spectrum wordlist creation capabilities.
- Create word lists for SSNs, phone numbers, date ranges, random patterns, password policies, patterns, from PDF/ebook files, for default router passwords, or by profiling targets.
- Manipulate word lists by changing character cases, mirroring or doubling up words, reversing words, prefixing or appending sequences of numbers or characters, inserting text, removing patterns or characters, converting words to 1337 speak, mangling words with John the Ripper and more.
- Optimize word lists by converting them to ASCII, trimming the words to set minimum and maximum lengths, sorting and removing duplicates, removing non-printable characters, splitting word lists into more manageable chunks and more.
- Analyze word lists by viewing their line count and a breakdown of their most common patterns and characters, search word lists for a certain string or sub-string, and calculate the time it would take to process a word list through an aircrack-ng or pyrit based dictionary attack.
- Combine individual word lists or the word lists of a directory into a single word list, and gather word lists system-wide into one directory.
- Fully customize the usage of the script to streamline functionality: change console output text color, configure passthrough attack options for certain attacks, toggle or force on or off the GTK and CLI versions of the script, toggle whether or not to display the startup banner, toggle the main menu style and customize the script's 1337ify options.
- Stay up to date with a fully integrated and foolproof update system that pulls directly from the script's Sourceforge page for up-to-the-minute updates, and configure whether or not you would like to auto-update the script on startup.
- Make sure everything is working properly and dependencies are met with an automated dependency check and install system that takes all the pain and guesswork out of dependency issues.
First download thad0ctor's Toolkit from here to your desktop.
Now unzip the file: unzip thad0ctors.zip
Now you can start it with ./LAUNCH_TOOLKIT.sh
Now choose option 1, Wordlist Tools (Creation, Manipulation, Combination, and Analyzation).
In the main menu choose option 2 for WiFi tools.
In the main menu choose option 3 to view all of this script's word list tools.
In the main menu choose option c for Configure / Install Scripts and Shortcuts / Check Dependencies.
In the main menu choose option I for Info / Readme / Upgrade / Changelog / Debug Info / Dev, RSS Feed.
Goofile is another Python tool, used to find the various files that exist on a website. The tool is used with a single command line.
Open your BackTrack terminal and type: cd /pentest/enumeration/google/goofile
If you would like to search for files with the extension "pdf" on a website, run this command:
python goofile.py -d www.example.com -f pdf
-d: domain to search
-f: file type (e.g. pdf)