Offensive Security Tool: headi
headi
cloud_enum by mlcsec, is a customizable and automated HTTP header injection tool. It is used to test web applications by injecting various HTTP headers to identify potential security vulnerabilities or anomalies in the way the server processes requests.
Installation
go install github.com/mlcsec/headi@latest
Or from git:
git clone https://github.com/mlcsec/headi.git
make before.build
make build.headi
sudo mv headi /usr/local/bin
See Also: So you want to be a hacker?
Offensive Security and Ethical Hacking Course
Headers
Injects the following HTTP headers:
- Client-IP
- Connection
- Contact
- Forwarded
- From
- Host
- Origin
- Referer
- True-Client-IP
- X-Client-IP
- X-Custom-IP-Authorization
- X-Forward-For
- X-Forwarded-For
- X-Forwarded-Host
- X-Forwarded-Server
- X-Host
- X-HTTP-Host-Override
- X-Original-URL
- X-Originating-IP
- X-Real-IP
- X-Remote-Addr
- X-Remote-IP
- X-Rewrite-URL
- X-Wap-Profile
See Also: Offensive Security Tool: Nginxpwner
See Also: Deep Dive to Fuzzing for Maximum Impact
Usage
Two options for HTTP header injection:
- Default payloads (127.0.0.1, localhost, etc.) are injected into the headers mentioned above
- Custom payloads can be supplied (e.g. you’ve enumerated some internal IPs or domains) using the pfile parameter
Currently only takes one URL as input but you can easily bash script for numerous URLs like so:
$ for i in $(cat urls); do headi -url $i;done
Clone the repo from here: GitHub Link
Recent Tools
Offensive Security Tool: emp3r0r
emp3r0r is a post-exploitation framework designed for both Linux and …Blue Team Tool: Ghostport
Ghostport is a sophisticated port spoofing tool designed to confuse …Red Teaming Tool: avred
Avred is a tool designed for Red Teamers to identify …Recon Tool: emailFinder
emailFinder is a web scraping tool that extracts email addresses …
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
