  • Stars: 6,086
  • Rank: 6,619 (Top 0.2 %)
  • Language: Go
  • License: MIT License
  • Created about 5 years ago
  • Updated 7 months ago


Repository Details

An HTTP toolkit for security research.


Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.

Hetty proxy logs (screenshot)

Features

  • Machine-in-the-middle (MITM) HTTP proxy, with logs and advanced search
  • HTTP client for manually creating/editing requests, and replaying proxied requests
  • Intercept requests and responses for manual review (edit, send/receive, cancel)
  • Scope support, to help keep work organized
  • Easy-to-use web based admin interface
  • Project based database storage, to help keep work organized

👷‍♂️ Hetty is under active development. Check the backlog for the current status.

📣 Are you pen testing professionally in a team? I would love to hear your thoughts on tooling via this 5 minute survey. Thank you!

Getting started

💡 The Getting started doc has more detailed install and usage instructions.

Installation

The quickest way to install and update Hetty is via a package manager:

macOS

brew install hettysoft/tap/hetty

Linux

sudo snap install hetty

Windows

scoop bucket add hettysoft https://github.com/hettysoft/scoop-bucket.git
scoop install hettysoft/hetty

Other

Alternatively, you can download the latest release from GitHub for your OS and architecture, and move the binary to a directory in your $PATH. If your OS is not supported by one of the package managers and not listed in the GitHub releases, you can compile from source (link coming soon).

Docker

Docker images are distributed via GitHub's Container registry and Docker Hub. To run Hetty via Docker with a volume for database and certificate storage, and port 8080 forwarded:

docker run -v $HOME/.hetty:/root/.hetty -p 8080:8080 \
  ghcr.io/dstotijn/hetty:latest

Usage

Once installed, start Hetty via:

hetty

💡 Read the Getting started doc for more details.

To list all available options, run hetty --help:

$ hetty --help

Usage:
    hetty [flags] [subcommand] [flags]

Runs an HTTP server with (MITM) proxy, GraphQL service, and a web based admin interface.

Options:
    --cert         Path to root CA certificate. Creates file if it doesn't exist. (Default: "~/.hetty/hetty_cert.pem")
    --key          Path to root CA private key. Creates file if it doesn't exist. (Default: "~/.hetty/hetty_key.pem")
    --db           Database directory path. (Default: "~/.hetty/db")
    --addr         TCP address for HTTP server to listen on, in the form "host:port". (Default: ":8080")
    --chrome       Launch Chrome with proxy settings applied and certificate errors ignored. (Default: false)
    --verbose      Enable verbose logging.
    --json         Encode logs as JSON, instead of pretty/human readable output.
    --version, -v  Output version.
    --help, -h     Output this usage text.

Subcommands:
    - cert  Certificate management

Run `hetty <subcommand> --help` for subcommand specific usage instructions.

Visit https://hetty.xyz to learn more about Hetty.

Documentation

📖 Read the docs

Support

Use issues for bug reports and feature requests, and discussions for questions and troubleshooting.

Community

💬 Join the Hetty Discord server

Contributing

Want to contribute? Great! Please check the Contribution Guidelines for details.

Acknowledgements

Sponsors

Sponsored by Tines

💖 Are you enjoying Hetty? You can sponsor me!

License

MIT

© 2022 Hetty Software
