# Course #261: Introduction to httprobe

## Installation and Configuration on Kali Linux

`httprobe` is a powerful tool that is part of the web enumeration toolkit available in Kali Linux. It helps security professionals identify live websites from a list of domains by probing them for active HTTP and HTTPS services. Installing and configuring `httprobe` is straightforward, given its availability in the Kali Linux repository.

### Step 1: Updating Kali Linux

Before installation, ensure your Kali Linux system is up to date. Open a terminal and run the following commands:

```bash
sudo apt update && sudo apt upgrade -y
```

### Step 2: Installing httprobe

`httprobe` can be installed directly from the Kali repositories. You can install it using the following command:

```bash
sudo apt install httprobe -y
```

This command downloads and installs `httprobe`, along with any necessary dependencies.

### Step 3: Configuration

Post-installation configuration is not usually required due to the simplicity of the tool. However, you may want to review or modify the configuration files based on your environment or specific needs.

The default configuration file is usually found at `/etc/httprobe/config.yaml`, but for most users the default settings will suffice. If you need to customize it, use your preferred text editor:

```bash
sudo nano /etc/httprobe/config.yaml
```

In this file, you can set parameters such as timeouts and the number of concurrent requests, depending on your target environment and network reliability.

## Step-by-Step Usage and Real-World Use Cases

### Basic Usage

Once installed, you can use `httprobe` to probe a list of domains. The syntax is simple:

```bash
cat domains.txt | httprobe
```

This command takes a text file containing your list of domains (one per line) and sends probes to check if they respond on HTTP or HTTPS. The output will list those that returned a valid response.

### Real-World Use Case: Web Application Engagement

Imagine you're conducting a pentest for a company with a large number of subdomains. You receive a list of domains that you need to verify for live web services. Here's how you can utilize `httprobe` effectively.

1. **Gather Subdomains**: Often, you might initially gather a list of subdomains using tools like `Sublist3r` or `Amass`. Example command using `Amass`:

```bash
amass enum -d targetdomain.com -o subdomains.txt
```

2. **Use httprobe to Identify Live Hosts**: Now that you have a list of potential subdomains, you can check which ones are live:

```bash
cat subdomains.txt | httprobe
```

3. **Interpret the Results**: `httprobe` will output results such as:

```
https://sub1.targetdomain.com
http://sub2.targetdomain.com
```

From here, you can concentrate your testing efforts on these live hosts.

### Advanced Usage: Probing with Multiple Options

`httprobe` supports various options to enhance your probing experience. Here's a breakdown of some advanced usage patterns:

```bash
cat domains.txt | httprobe -t 1000 -p http,https
```

In this command:

- `-t 1000` specifies a timeout of 1000 milliseconds for each request.
- `-p http,https` indicates that you want to probe both HTTP and HTTPS protocols.

This allows for a more robust probing experience, especially in environments with high latency.

## Detailed Technical Explanations

### Understanding HTTP and HTTPS Probing

`httprobe` performs basic checks by attempting to connect to specified domains over the HTTP and HTTPS protocols. Here's a deeper dive into how it works:

1. **HTTP Request**: By sending a GET request to the URL, `httprobe` checks for a 200-level HTTP status code, indicating a successful response. Any status code in the range of 200-399 will confirm active services.
2. **HTTPS Request**: The process for HTTPS is similar, but `httprobe` first establishes a Secure Sockets Layer (SSL) connection before sending the request. This involves validating the SSL certificate and ensuring a secure connection.
3. **Output**: Valid domains are printed to standard output, allowing you to easily redirect this information to a file for further analysis.

### External Reference Links

For a deeper understanding of web probing and enumeration, consider the following external resources:

- [OWASP Web Security Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [HTTP and HTTPS Explained](https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview)
- [Understanding SSL/TLS](https://www.cloudflare.com/learning/how-tls-works/)

## Code Examples in Markdown Code Blocks for WordPress

### Example 1: Basic Probing

To check live domains from a simple text file, use the following snippet:

```bash
cat domains.txt | httprobe
```

### Example 2: Custom Timeout and Protocols

For more controlled probing, you might want to customize the timeout settings and specify which protocols to use:

```bash
cat domains.txt | httprobe -t 1000 -p http,https
```
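
The result list shown under "Interpret the Results" can be triaged before testing begins: which hosts answered on which scheme, which answered only over plain HTTP, and which in-scope names did not answer at all. The following is an added example, not part of the original course or of httprobe itself; the function names and the sample hostnames are constructed for illustration.

```shell
# Constructed sample of httprobe-style output (one URL per line).
sample_live() {
  printf '%s\n' 'https://sub1.targetdomain.com' 'http://sub2.targetdomain.com' \
    'http://sub1.targetdomain.com' 'https://Sub3.targetdomain.com'
}

# Constructed sample of the domain list that was piped into the probe.
sample_input() {
  printf '%s\n' sub1.targetdomain.com sub2.targetdomain.com \
    sub3.targetdomain.com sub4.targetdomain.com
}

# Read URLs on stdin; print "host<TAB>schemes" (http, https or http+https), sorted.
classify_probe_results() {
  awk -F'://' '
    NF == 2 && ($1 == "http" || $1 == "https") {
      host = tolower($2); sub(/\/.*$/, "", host)   # drop any path
      seen[host] = 1
      if ($1 == "http") plain[host] = 1; else tls[host] = 1
    }
    END {
      for (h in seen) {
        if (plain[h] && tls[h]) s = "http+https"
        else if (tls[h]) s = "https"
        else s = "http"
        print h "\t" s
      }
    }' | LC_ALL=C sort
}

# Hosts that answered only over plain HTTP (candidates for a missing-TLS finding).
http_only_hosts() {
  classify_probe_results | awk -F'\t' '$2 == "http" { print $1 }'
}

# no_response_hosts INPUT_FILE LIVE_FILE: in-scope names with no live result.
# Path and port are stripped from the live URLs before comparing.
no_response_hosts() {
  awk -F'://' '
    FILENAME == ARGV[1] { h = tolower($2); sub(/[:\/].*$/, "", h); live[h] = 1; next }
    $0 != "" && !(tolower($0) in live) { print tolower($0) }
  ' "$2" "$1" | LC_ALL=C sort
}

sample_live | classify_probe_results
```

Recording the names that did not respond alongside the live ones keeps the engagement record complete and makes a later re-probe easy to compare.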

### Conclusion

In this section, we have explored the installation, configuration, and practical application of `httprobe` as a key tool in web enumeration. By understanding its functionality and integrating it into your pentesting workflow, you can significantly enhance your reconnaissance efforts on targets.

By effectively employing `httprobe`, you can quickly identify active web services and focus your assessment on the most relevant areas, ultimately leading to successful security evaluations.

—Made by pablo rotem / פבלו רותם