[Full-disclosure] Hellsing
Ben
comsatcat at earthlink.net
Fri Dec 28 09:20:43 GMT 2007
I was looking through my Projects/ folder earlier today and found this discarded piece of work. I vamped it up a little bit and decided to post it in my blog (socialnetworkwhore.com) as well as here. It still has a few things busted (like ssl only works with non-self-signed certificates), but it gets the job done.
Now on to an explanation... Hellsing is a web attack application utility which uses a configuration file to define your attack methods. It supports cookies, ssl, post and get methods. It uses format strings to build useful attack patterns.
Example Usage:
./hellsing -c hellsing.conf -t 1 -k 127.0.0.1 -v www.localhost -x /index.php -f 't:123;c:/bin/ls' -o
This tells hellsing to attack the ip 127.0.0.1 over ssl (-o flag; defaults to port 80; 443 for ssl) and target the virtual host www.localhost. The target app is index.php and the module to be used is 1 (see -l for all modules). Arguments to the module are t and f, each with the respective values of 123 and /bin/ls.
I left a few web app vulns in the config file to give you examples to play with. You can do a few more things like encoding (see -e) and selective output buffering (see -s).
Oh, one other thing: it sends lots of headers. When I wrote it, I wanted it to emulate the headers Firefox sent in a generic http get request.
Anyhow have a good one.
- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hellsing-0.2.tar.gz
Type: application/gzip
Size: 10176 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071228/3c8e5e75/attachment.bin