hrekt

A really fast http prober.

Install • Usage • Examples • FYI • Contributing • License • Join Discord

Installation

Fresh Installs

cargo build -r
mv target/release/hrekt /bin/hrekt

Already been installed

cargo build -r
mv target/release/hrekt /<user>/.cargo/bin/

Make sure to replace <user> with your username.

Installer

chmod +x install.sh ; ./install.sh

For Windows Users

If you want to install hrekt on Windows, you are required to install perl & rust

Dependencies

Perl: https://strawberryperl.com/
Rust: https://www.rust-lang.org/learn/get-started]

Then you should be able to run

cargo install --path .

Which will than build and compile the binary to target/release/hrekt.exe

Can only be compiled locally right now.

Usage

Usage: hrekt [OPTIONS]

Options:
  -r, --rate <rate>
          Maximum in-flight requests per second
          
          [default: 1000]

  -c, --concurrency <concurrency>
          The amount of concurrent requests
          
          [default: 100]

  -t, --timeout <timeout>
          The delay between each request
          
          [default: 3]

  -w, --workers <workers>
          The amount of workers
          
          [default: 1]

  -p, --ports <ports>
          the ports to probe default ports are (80,443)
          
          [default: 80,443]

      --title
          display the page titles

      --tech-detect
          display the technology used

      --status-code
          display the status-codes

      --server
          displays the server

      --content-type
          displays the content type

      --content-length
          displays the content length

  -x, --path <path>
          probe the specified path
          
          [default: ]

      --body-regex <body-regex>
          regex to be used to match a specific pattern in the response
          
          [default: ]

      --header-regex <header-regex>
          regex to be used to match a specific pattern in the header
          
          [default: ]

  -l, --follow-redirects
          follow http redirects

  -q, --silent
          suppress output

  -h, --help
          Print help (see a summary with '-h')

  -V, --version
          Print version

Demonstration

Examples

Display titles

cat subs.txt | hrekt --title

Probe ports

cat subs.txt | hrekt --ports 443,80,9200

Display technologies

cat subs.txt | hrekt --tech-detect

Probe the response body

cat subs.txt | hrekt --body-regex 'href="\/content\/dam.*'

Probe the headers

cat subs.txt | hrekt --header-regex 'Server:.*'

Probe the path

cat subs.txt | hrekt --path /v1/api

Multiple Flags

cat subs.txt | hrekt --path /etc.clientlibs --tech-detect --title --body-regex 'href="\/content\/dam.*'

FYI

It's advisable to only use tech detection when needed, as it tends to result in slow discoveries because we use chromium based detection.

If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.

I hope you enjoy

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

Hrekt is distributed under MIT License

ethicalhackingplayground / hrekt