Skip to content

External tools

Jump to bottom
Key4051 edited this page Dec 30, 2019 · 22 revisions

Welcome to the htrace.sh wiki!

You can file an issue about it and ask that it be added.

External tools

htrace.sh support external tools for security scans:

  • testssl.sh - cli tool for testing SSL configuration, working with https
    include params: --quiet --protocols --cipher-per-proto --server-preference --server-defaults \"$_host\"

  • Mozilla Observatory - cli version of observatory.mozilla.org, working with http and https
    include params: --format=report --rescan --zero --quiet

  • Ssllabs - command-line reference-implementation client for SSL Labs API, working with https
    include params: -quiet -grade

  • mixed-content-scan - cli tool for check HTTPS-enabled website for Mixed Content, working with https
    include params: -user-agent \"$_user_agent\" --no-check-certificate

  • Nmap NSE Library - provide automated security scans with Nmap, working with dns, http and https
    include scripts:

    • dns-brute
    • http-auth-finder
    • http-chrono
    • http-cookie-flags
    • http-cors
    • http-cross-domain-policy
    • http-csrf
    • http-dombased-xss
    • http-enum
    • http-errors
    • http-git
    • http-grep
    • http-internal-ip-disclosure
    • http-jsonp-detection
    • http-malware-host
    • http-methods
    • http-passwd
    • http-phpself-xss
    • http-php-version
    • http-robots.txt
    • http-sitemap-generator
    • http-shellshock
    • http-stored-xss
    • http-title
    • http-unsafe-output-escaping
    • http-useragent-tester
    • http-vhosts
    • http-waf-detect
    • http-waf-fingerprint
    • http-xssed
    • traceroute-geolocation.nse
    • ssl-enum-ciphers
    • whois-domain
    • whois-ip
    • vulscan
      include scripts params:
    local _nmap_nse_scripts_args="dns-brute.domain=${_host},"
      _nmap_nse_scripts_args+="http-cross-domain-policy.domain-lookup=true,"
      _nmap_nse_scripts_args+="http-waf-detect.aggro,"
      _nmap_nse_scripts_args+="http-waf-detect.detectBodyChanges,

  • wafw00f - cli tool for testing web application firewalls and protection systems, working with http and https
    include params: -v \"$_host\"

  • SubFinder - cli tool for discovers valid subdomains for websites, working with dns
    include params: -d \"$_host\" --silent -t 10 | grep -v \"canceled\|error\|warning\|fail\|timeout\"

  • nghttp2 - cli tool for testing HTTP/2
    include params: -nu -v \"$_host\"

Warning:

When scanning for mixed content, with Nmap scripting engine, or SubFinder remember that it may take a long time before the entire site/domain is checked. In addition, NSE scripts can generate a large number of requests.

htrace.sh v1.1.7

Basic

Usage

Output

Clone this wiki locally