Complemento/Httsquash
Description
Httsquash is an HTTP server scanner, banner grabber and data retriever (a GUI is available for it). It can scan large ranges of IP addresses to find devices or HTTP servers. It supports IPv6 and custom HTTP requests. It also has experimental fingerprint support, based on httprecon signatures (http://www.computec.ch/projekte/httprecon/).
Installation
Before installing httsquash, you should read the article about Complemento.
Installation from sources
$ mkdir -p /pentest/enumeration/
$ cd /pentest/enumeration/
$ wget http://downloads.sourceforge.net/project/complemento/complemento/complemento-0.7.6/complemento-0.7.6.tar.gz
$ tar xzvf complemento-0.7.6.tar.gz
$ cd complemento/httsquash/
$ make
Usage
Basic syntax
$ httsquash -r range [options]
Common Options
- -r
  - range of IP addresses or target DNS name
  - examples: 208.67.1.1-254, 2001::1428:57ab-6344, google.com
- -p
  - port (default 80)
Extra options
- -t
  - time in seconds (default 3)
- -m
  - max scan processes (default 10)
- -b
  - print body of response (HTML data)
- -S
  - use HTTPS instead of HTTP
- -T
  - custom request type (default GET)
- -U
  - custom request URL (default /)
- -H
  - set a header for the request (can be used multiple times)
  - examples: Keep-Alive:300, User-Agent:httsquash
Script options
- -j
  - cookie jar separator ("%%")
Example
$ ./httsquash -r 192.168.100.1 -U /index.php/Main_Page
FOUND: 192.168.100.1 80
HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 15:06:26 GMT
Server: Apache
Content-language: en
Vary: Accept-Encoding,Cookie,User-Agent
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Last-Modified: Sat, 11 Dec 2010 12:26:25 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
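When httsquash is run across your own address ranges, the saved output can be turned into an inventory and checked for Server banners that disclose a version number. The parser below is an added example, not part of httsquash or Complemento. It assumes every result starts with a "FOUND: address port" line followed by the status line and headers, as in the single example above, and that -b was not used; the function names and the second sample block are constructed for illustration.

```python
import re

# Assumed record layout, taken from the single example on this page:
# a "FOUND: <address> <port>" line, then the HTTP status line, then headers.
FOUND_RE = re.compile(r"^FOUND:\s+(\S+)\s+(\d+)\s*$")
# A Server value with a number after the product name ("Name/1.4.2")
# discloses a version; a bare product token ("Apache") does not.
VERSION_RE = re.compile(r"[/ ]\d+(\.\d+)*")

def parse_httsquash(text):
    """Split httsquash output into one dict per responding host."""
    records, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = FOUND_RE.match(line)
        if m:
            current = {"host": m.group(1), "port": int(m.group(2)),
                       "status": None, "headers": {}}
            records.append(current)
        elif current is None or not line:
            continue  # text before the first FOUND line, or a blank line
        elif current["status"] is None and line.startswith("HTTP/"):
            current["status"] = line
        elif ":" in line:
            # Split on the first colon only, so values such as dates survive.
            name, _, value = line.partition(":")
            current["headers"][name.strip().lower()] = value.strip()
    return records

def discloses_version(record):
    """True when the Server header carries a version number."""
    return bool(VERSION_RE.search(record["headers"].get("server", "")))

# Constructed sample: the first block is abridged from the example above,
# the second is invented for illustration (documentation address range).
SAMPLE = """\
FOUND: 192.168.100.1 80
HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 15:06:26 GMT
Server: Apache
Content-Type: text/html; charset=utf-8
FOUND: 192.0.2.10 80
HTTP/1.1 200 OK
Server: ExampleHTTPd/1.4.2
"""

if __name__ == "__main__":
    for rec in parse_httsquash(SAMPLE):
        flag = "version disclosed" if discloses_version(rec) else "ok"
        print(rec["host"], rec["port"], rec["headers"].get("server"), flag)
```

Hosts flagged as disclosing a version are candidates for banner hardening, for example Apache's ServerTokens Prod directive.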