HTEXPLOIT – Bypassing htaccess Restrictions

HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process. By using this tool anyone would be able to list the contents of a directory protected this way, bypassing the authentication process.

The tool provides modularity, by allowing the tester to fully perform an analysis on the protected website of the following attacks: SQL Injection, Local File Inclusion, Remote File Inclusion and others.

The main characteristic of this tool is that all of the analyses performed are done inside the protected directory, not from the publicly accessible site.


  • Multiples modules to execute. 
  • Save the output to an specify directory. 
  • HTML Reporting. 
  • Use multiples wordlist to probe against htaccess bypassing. 
  • Mode verbose for full detailed information.

First Open Your backtrack and Follow these path

Applications->Backtrack–>Exploitation Tools->Web Exploitation Tools->htexpoit

You can also do this manually. First Open your backtrack Terminal and type

cd /pentest/web/htexploit


Python htexploit –u


-h, –help show this help message and exit
-m MODULE, –module=MODULE Select the module to run (Default: detect)
-u URL, –url=URL     **REQUIRED** – Specify the URL to scan
-o OUTPUT, –output=OUTPUT Specify the output directory
-w WORDLIST, –wordlist=WORDLIST Specify the wordlist to use
-v, –verbose Be verbose

Leave a Reply

Your email address will not be published. Required fields are marked *