  • Stars: 104
  • Rank 328,473 (Top 7 %)
  • Language: Python
  • Created about 8 years ago
  • Updated about 7 years ago

Repository Details

HTTPoxy Exploit Scanner by 1N3 @CrowdShield

HTTPoxy Exploit Scanner

by 1N3 @CrowdShield (https://crowdshield.com)

Last Updated: 20160720

ABOUT:

PoC/Exploit scanner to scan common CGI files on a target URL for the HTTPoxy vulnerability. HTTPoxy is a set of vulnerabilities that affect application code running in CGI or CGI-like environments. For more details, go to https://httpoxy.org.

REQUIREMENTS:

Requires ncat to establish the reverse session.

USAGE:

./httpoxyscan.py https://target.com cgi_list.txt 10.1.2.243 3000

This will scan https://target.com with a list of common CGI files while injecting a Proxy header that points back to a given IP:PORT. A reverse listener will catch the incoming connection to confirm the remote site is vulnerable.

DISCLAIMER:

I take no responsibility for wrongdoing or misuse of this exploit.

More Repositories

1. Sn1per (Shell, 7,009 stars): Attack Surface Management Platform
2. BruteX (Shell, 1,741 stars): Automatically brute force all services running on a target.
3. Findsploit (Shell, 1,499 stars): Find exploits in local and online databases instantly
4. BlackWidow (Python, 1,354 stars): A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
5. PrivEsc (C, 913 stars): A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
6. Goohak (Shell, 679 stars): Automatically Launch Google Hacking Queries Against A Target Domain
7. ReverseAPK (Shell, 645 stars): Quickly analyze and reverse engineer Android packages
8. Wordpress-XMLRPC-Brute-Force-Exploit (Python, 431 stars): Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
9. MassBleed (Shell, 235 stars): MassBleed SSL Vulnerability Scanner
10. Exploits (Python, 188 stars): Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
11. PRISM-AP (Shell, 156 stars): An automated Wireless RogueAP MITM attack framework.
12. XSSTracer (Python, 137 stars): A small python script to check for Cross-Site Tracing (XST)
13. PowerExfil (PowerShell, 86 stars): A collection of data exfiltration scripts for Red Team assessments.
14. AttackSurfaceManagement (Shell, 66 stars): Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
15. SuperMicro-Password-Scanner (Shell, 40 stars): Supermicro IPMI/BMC Cleartext Password Scanner
16. CloudHunter (Python, 33 stars): Find unreferenced AWS S3 buckets which have CloudFront CNAME records pointing to them
17. 1N3 (22 stars): Founder of @Sn1perSecurity LLC. Creator of Sn1per. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP/CISSP/Security+
18. CTF-Writeups (17 stars): CTF Writeups