golismero-legacy HTExploit scan plugin

HTExploit scan plugin

Open MarioVilas opened this issue 10 years ago • 4 comments

A plugin that implements the HTExploit attack.

The attack is simple enough (using a fake HTTP verb) that we may not need to use HTExploit code at all - it may even be better to include the code directly into another plugin, like the bruteforcer.

For more information on this attack, see: http://www.alertlogic.com/blackhat-review-of-htaccess-tricks/

Aug 03 '13 18:08 MarioVilas

Possibly the easiest way is just adding the functionality to the Web Fingerprint plugin, since it's already trying invalid methods. Same goes for testing the TRACE method BTW - if enabled that should be reported as a vulnerability.

Aug 19 '13 10:08 MarioVilas

That won't work, we need to integrate it with the bruteforcer instead.

Aug 19 '13 13:08 cr0hn

If this can be done for the next beta, go for it, otherwise just move it to the other milestone and we'll see it later...

Feb 03 '14 17:02 MarioVilas

I agree. It’s not really necessary for this beta.

El 03/02/2014, a las 18:41, Mario Vilas [email protected] escribió:

If this can be done for the next beta, go for it, otherwise just move it to the other milestone and we'll see it later...

— Reply to this email directly or view it on GitHub.

Feb 03 '14 17:02 cr0hn

golismero-legacy golismero-legacy copied to clipboard

HTExploit scan plugin

golismero-legacy
golismero-legacy copied to clipboard