https://github.com/byt3n33dl3/httpx
Sharp Karambit for Web Domain Crucifixion and Account Takeover.
Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (15.2%) to scientific vocabulary
Keywords
Repository
Sharp Karambit for Web Domain Crucifixion and Account Takeover.
Basic Info
Statistics
- Stars: 14
- Watchers: 1
- Forks: 2
- Open Issues: 0
- Releases: 6
Topics
Metadata Files
README.md
Karambit • Capability • Usage • Master
Fast and multi purpose HTTP toolkit that allows running multiple probes using the retryable HTTP library. It is designed to maintain result reliability with an increased number of threads. httpX has been an essential asset in the arsenal of Security professionals and researchers.
httpX / Assessor
```hs
__ __ __ _ __
/ /_ / // /____ | |/ /
/ __ \/ / _/ _ | /
/ / / / // // // / |
// //_/__/ .//||v2
//
```
httpX
httpX can be used as a library by creating an instance of the Option struct and populating it with the same options that would be specified via CLI. Once validated, the struct should be passed to a runner instance to be closed at the end of the program and the RunEnumeration method should be called.
Sharp Karambit
A CLI software for Web Domain Crucifixion and Account Takeover.
An Open source Penetration Testing tool that automates the process of detecting and exploiting HTTP and HTTPs flaws and taking over of the Insecure Domain services. It comes with a powerful detection engine, many niche features for the ultimate Penetration Tester, and a broad range of switches including Domain fingerprinting, over data fetching from any services, accessing the underlying file systems.
- Simple and modular code base making it easy to contribute.
- Fast And fully configurable flags to probe multiple elements.
- Supports multiple
HTTPbased probings. - Smart auto fallback from https to http as default.
- Supports hosts, URLs and CIDR as input.
- Account Takeover
- Domain Escalation
- Handles edge cases doing retries, backoffs etc for handling WAFs.
| :vampire: Disclaimer | |---------------------------------| | This project is in active development. Expect breaking changes with releases. Review the changelog before updating. | | This project was primarily built to be used as a standalone CLI tool. Running it as a service may pose security risks. It's recommended to use with caution and additional security measures. |
Interface
Probes
| Probes | Default check | Probes | Default check | |-----------------|---------------|----------------|---------------| | URL | true | IP | true | | Title | true | CNAME | true | | Status Code | true | Raw HTTP | true | | Content Length | true | HTTP2 | true | | TLS Certificate | true | HTTP Pipeline | true | | CSP Header | true | Virtual host | true | | Line Count | true | Word Count | true | | Location Header | true | CDN | true | | Web Server | true | Paths | true | | Web Socket | true | Ports | true | | Response Time | true | Request Method | true | | Favicon Hash | false | Probe Status | true | | Body Hash | true | Header Hash | true | | Redirect chain | false | URL Scheme | true | | JARM Hash | false | ASN | true |
Notes
- As default,
httpxprobe with HTTPs scheme and fall-back to HTTP only if HTTPs is not reachable. - The
-no-fallbackflag can be used to probe and display both HTTP and HTTPs result. - Custom scheme for ports can be defined, for example
-portshttp:443,http:80,https:8443 - Custom resolver supports multiple protocol (doh|tcp|udp) in form of
protocol:resolver:port (e.g.udp:127.0.0.1:53) - The following flags should be used for specific use cases instead of running them as default with other probes:
-ports-path-vhost-screenshot-csp-probe-tls-probe-favicon-http2-pipeline-tls-impersonate
Credits / main
- Projectdiscovery projectdiscovery.io
AGPL / LICENSE
GNU AFFERO GENERAL PUBLIC LICENSE 3.0
The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users.
Owner
- Name: Sulaiman
- Login: byt3n33dl3
- Kind: user
- Location: Error 403: Not on earth
- Website: https://byt3n33dl3.substack.com/
- Twitter: byt3n33dl3
- Repositories: 91
- Profile: https://github.com/byt3n33dl3
I N F R A X 8 6
GitHub Events
Total
- Release event: 6
- Watch event: 6
- Delete event: 1
- Member event: 1
- Push event: 29
- Fork event: 1
- Create event: 9
Last Year
- Release event: 6
- Watch event: 6
- Delete event: 1
- Member event: 1
- Push event: 29
- Fork event: 1
- Create event: 9
Issues and Pull Requests
Last synced: 10 months ago
All Time
- Total issues: 0
- Total pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Total issue authors: 0
- Total pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 0
- Pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
Top Labels
Issue Labels
Pull Request Labels
Dependencies
- alpine 3.18.2 build
- golang 1.21.4-alpine build
- aead.dev/minisign v0.2.0
- github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible
- github.com/Masterminds/semver/v3 v3.2.1
- github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057
- github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809
- github.com/PuerkitoBio/goquery v1.8.1
- github.com/VividCortex/ewma v1.2.0
- github.com/akrylysov/pogreb v0.10.2
- github.com/alecthomas/chroma/v2 v2.14.0
- github.com/andybalholm/brotli v1.1.0
- github.com/andybalholm/cascadia v1.3.2
- github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
- github.com/aymanbagabas/go-osc52/v2 v2.0.1
- github.com/aymerick/douceur v0.2.0
- github.com/bits-and-blooms/bitset v1.13.0
- github.com/byt3n33dl3/asnmap v1.1.1
- github.com/byt3n33dl3/blackrock v0.0.1
- github.com/byt3n33dl3/cdncheck v1.1.0
- github.com/byt3n33dl3/clistats v0.1.1
- github.com/byt3n33dl3/dsl v0.2.5
- github.com/byt3n33dl3/fastdialer v0.2.9
- github.com/byt3n33dl3/fdmax v0.0.4
- github.com/byt3n33dl3/freeport v0.0.7
- github.com/byt3n33dl3/goconfig v0.0.1
- github.com/byt3n33dl3/goflags v0.1.64
- github.com/byt3n33dl3/gologger v1.1.25
- github.com/byt3n33dl3/gostruct v0.0.2
- github.com/byt3n33dl3/hmap v0.0.61
- github.com/byt3n33dl3/machineid v0.0.0-20240226150047-2e2c51e35983
- github.com/byt3n33dl3/mapcidr v1.1.34
- github.com/byt3n33dl3/networkpolicy v0.0.9
- github.com/byt3n33dl3/ratelimit v0.0.54
- github.com/byt3n33dl3/rawhttp v0.1.68
- github.com/byt3n33dl3/retryabledns v1.0.78
- github.com/byt3n33dl3/retryablehttp-go v1.0.81
- github.com/byt3n33dl3/tlsx v1.1.7
- github.com/byt3n33dl3/useragent v0.0.69
- github.com/byt3n33dl3/utils v0.2.12
- github.com/byt3n33dl3/wappalyzergo v0.1.22
- github.com/charmbracelet/glamour v0.8.0
- github.com/charmbracelet/lipgloss v0.13.0
- github.com/charmbracelet/x/ansi v0.3.2
- github.com/cheggaaa/pb/v3 v3.1.4
- github.com/cloudflare/cfssl v1.6.4
- github.com/cloudflare/circl v1.3.8
- github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08
- github.com/corona10/goimagehash v1.1.0
- github.com/davecgh/go-spew v1.1.1
- github.com/dimchansky/utfbom v1.1.1
- github.com/dlclark/regexp2 v1.11.4
- github.com/docker/go-units v0.5.0
- github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
- github.com/fatih/color v1.16.0
- github.com/gaissmai/bart v0.9.5
- github.com/go-faker/faker/v4 v4.1.1
- github.com/go-ole/go-ole v1.2.6
- github.com/go-rod/rod v0.114.0
- github.com/go-viper/mapstructure/v2 v2.1.0
- github.com/golang/protobuf v1.5.4
- github.com/golang/snappy v0.0.4
- github.com/google/certificate-transparency-go v1.1.4
- github.com/google/go-github/v30 v30.1.0
- github.com/google/go-querystring v1.1.0
- github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
- github.com/google/uuid v1.6.0
- github.com/gorilla/css v1.0.1
- github.com/hashicorp/go-version v1.6.0
- github.com/hbakhtiyor/strsim v0.0.0-20190107154042-4d2bbb273edf
- github.com/hdm/jarm-go v0.0.7
- github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056
- github.com/json-iterator/go v1.1.12
- github.com/julienschmidt/httprouter v1.3.0
- github.com/kataras/jwt v0.1.10
- github.com/klauspost/compress v1.17.8
- github.com/klauspost/pgzip v1.2.6
- github.com/kljensen/snowball v0.8.0
- github.com/logrusorgru/aurora v2.0.3+incompatible
- github.com/lucasb-eyer/go-colorful v1.2.0
- github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0
- github.com/mattn/go-colorable v0.1.13
- github.com/mattn/go-isatty v0.0.20
- github.com/mattn/go-runewidth v0.0.16
- github.com/mfonda/simhash v0.0.0-20151007195837-79f94a1100d6
- github.com/mholt/archiver/v3 v3.5.1
- github.com/microcosm-cc/bluemonday v1.0.27
- github.com/miekg/dns v1.1.59
- github.com/minio/selfupdate v0.6.1-0.20230907112617-f11e74f84ca7
- github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
- github.com/modern-go/reflect2 v1.0.2
- github.com/muesli/reflow v0.3.0
- github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a
- github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
- github.com/nwaples/rardecode v1.1.3
- github.com/olekukonko/tablewriter v0.0.5
- github.com/pierrec/lz4/v4 v4.1.21
- github.com/pkg/errors v0.9.1
- github.com/pmezard/go-difflib v1.0.0
- github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c
- github.com/refraction-networking/utls v1.6.7
- github.com/rivo/uniseg v0.4.7
- github.com/rogpeppe/go-internal v1.12.0
- github.com/rs/xid v1.5.0
- github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d
- github.com/sashabaranov/go-openai v1.15.3
- github.com/shirou/gopsutil/v3 v3.24.2
- github.com/shoenig/go-m1cpu v0.1.6
- github.com/spaolacci/murmur3 v1.1.0
- github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf
- github.com/stretchr/testify v1.9.0
- github.com/syndtr/goleveldb v1.0.0
- github.com/tidwall/btree v1.7.0
- github.com/tidwall/buntdb v1.3.1
- github.com/tidwall/gjson v1.17.1
- github.com/tidwall/grect v0.1.4
- github.com/tidwall/match v1.1.1
- github.com/tidwall/pretty v1.2.1
- github.com/tidwall/rtred v0.1.2
- github.com/tidwall/tinyqueue v0.1.1
- github.com/tklauser/go-sysconf v0.3.12
- github.com/tklauser/numcpus v0.6.1
- github.com/ulikunitz/xz v0.5.12
- github.com/weppos/publicsuffix-go v0.30.2
- github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8
- github.com/ysmood/fetchup v0.2.3
- github.com/ysmood/goob v0.4.0
- github.com/ysmood/got v0.34.1
- github.com/ysmood/gson v0.7.3
- github.com/ysmood/leakless v0.8.0
- github.com/yuin/goldmark v1.7.4
- github.com/yuin/goldmark-emoji v1.0.3
- github.com/yusufpapurcu/wmi v1.2.4
- github.com/zcalusic/sysinfo v1.0.2
- github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248
- github.com/zmap/zcrypto v0.0.0-20240512203510-0fef58d9a9db
- go.etcd.io/bbolt v1.3.10
- go.uber.org/multierr v1.11.0
- golang.org/x/crypto v0.27.0
- golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
- golang.org/x/mod v0.17.0
- golang.org/x/net v0.29.0
- golang.org/x/oauth2 v0.18.0
- golang.org/x/sync v0.8.0
- golang.org/x/sys v0.25.0
- golang.org/x/term v0.24.0
- golang.org/x/text v0.18.0
- golang.org/x/time v0.5.0
- golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
- google.golang.org/appengine v1.6.8
- google.golang.org/protobuf v1.33.0
- gopkg.in/djherbis/times.v1 v1.3.0
- gopkg.in/ini.v1 v1.67.0
- gopkg.in/yaml.v3 v3.0.1
- 369 dependencies
- black ^20.8b1 develop
- flake8 * develop
- pylint * develop
- pytest * develop
- pytest-asyncio * develop
- requests * develop
- aiodns ^2.0.0
- aiofiles ^0.5.0
- aiosqlite ^0.13.0
- fastapi ^0.55.1
- imgcat ^0.5.0
- jinja2 ^2.11.2
- lxml ^4.5.2
- prompt-toolkit ^3.0.5
- pydantic ^1.5.1
- pyppeteer ^0.2.2
- python ^3.13.0
- python-multipart ^0.0.5
- pyyaml ^5.3.1
- terminaltables ^3.1.0
- uvicorn ^0.11.5
- xmltodict ^0.12.0