# Course #261: Introduction to httprobe$
## 1. Installation and Configuration on Kali Linux
### 1.1 Overview of httprobe$
`httprobe$` is a powerful tool used for probing URLs to check which ones are alive and responding. This is particularly useful during web enumeration and penetration testing, where identifying active subdomains is crucial for further exploration and exploitation. In this section, we will cover how to install and configure `httprobe$` on Kali Linux.
### 1.2 Installation Steps
1. **Open Terminal**: First, launch your Terminal on your Kali Linux machine.
2. **Update Package Lists**: Before installing any new tool, it’s best practice to ensure that your package lists are up to date. You can do this by executing the following command:
sudo apt update
3. **Install httprobe$**: `httprobe$` is included in the `assetfinder` toolset, which can be installed via `go get` if you have Go installed. Alternatively, you can directly install it from the package repository:
sudo apt install httprobe
4. **Verify Installation**: Once `httprobe$` is installed, verify that it is functioning by running:
httprobe -h
This command should display the help information for `httprobe$`.
5. **Configuration**: While `httprobe$` works out of the box, you can create a configuration file for preferred options. However, for most use cases, the default settings will suffice.
### 1.3 Additional Dependencies
`httprobe$` operates effectively with other tools, and it’s recommended to have a few additional utilities for optimal performance:
– **curl**: This utility is commonly used for making network requests.
– **jq**: A lightweight command-line JSON processor that helps in parsing JSON data.
To install these tools, run:
"`bash
sudo apt install curl jq
"`
## 2. Step-by-Step Usage and Real-World Use Cases
Now that we have `httprobe$` installed, let’s explore its usage in various scenarios.
### 2.1 Basic Usage
To probe URLs using `httprobe$`, you can provide it a list of domains either through a file or directly from standard input. Here’s how to do it:
#### 2.1.1 Probing from a File
1. **Create a text file with domains**:
echo -e "example.comnsub.example.comnanotherexample.com" > domains.txt
2. **Run httprobe$**:
cat domains.txt | httprobe
3. **Expected Output**:
[/dm_code_snippet]
http://example.com
http://sub.example.com
[/dm_code_snippet]
#### 2.1.2 Probing from Standard Input
You can also directly input domains through the command line:
"`bash
echo -e "example.comnsub.example.com" | httprobe
"`
### 2.2 Real-World Use Cases
#### 2.2.1 Subdomain Enumeration
When performing web application testing, it is often crucial to identify active subdomains. With `httprobe$`, you can quickly filter out non-responsive subdomains generated from tools like `subfinder` or `assetfinder`.
1. **Example Workflow**:
assetfinder –subs-only example.com | httprobe
This command uses `assetfinder` to find subdomains of `example.com` and pipes them directly to `httprobe$` for filtering.
#### 2.2.2 Finding Alive Hosts for Further Testing
If you have a large list of potential targets, `httprobe$` can help by providing only the live hosts that you can attack or further enumerate. Here’s an example workflow:
1. **Gather a list of possible domains**:
cat potential_domains.txt | httprobe -t 30
Here, `-t 30` sets a timeout of 30 seconds for each probe, which is beneficial when dealing with slow or unresponsive services.
### 2.3 Advanced Options
`httprobe$` comes with several flags that enhance its functionality:
– **-p**: Specify the preferred protocols. By default, it probes both HTTP and HTTPS. You can limit this if needed.
– **-b**: Bypass the filtering of non-200 responses. Use this when you want the full set of responses regardless of their status.
### 2.4 Handling Output
`httprobe$` can output the results in various ways. You can redirect the output to a file for further analysis:
"`bash
cat domains.txt | httprobe > live_hosts.txt
"`
## 3. Detailed Technical Explanations
### 3.1 Understanding HTTP Probes
When you run `httprobe$`, under the hood, it makes HTTP requests to each domain provided. The tool checks the HTTP response status codes (like 200, 301, 302, etc.) to determine if the domain is live or not. Different status codes indicate different conditions:
– **200 OK**: The request has succeeded.
– **301 Moved Permanently**: URL has been moved; useful for recon purposes.
– **302 Found**: Indicates a temporary redirect.
– **404 Not Found**: The server has not found anything matching the Request-URI.
### 3.2 Use of Go Language
`httprobe$` is built using the Go programming language, which allows it to handle concurrency efficiently. This design enables `httprobe$` to process multiple requests simultaneously, significantly speeding up the enumeration process.
### 3.3 Real-World Applications in Penetration Testing
In penetration testing, time is of the essence. The ability to quickly identify active subdomains can lead to finding sensitive areas of an application, misconfigurations, or even vulnerabilities. Tools like `httprobe$` are often paired with other enumeration tools to provide a comprehensive assessment of web applications.
## 4. External Reference Links
– [Kali Linux Official Documentation for httprobe$](https://www.kali.org/tools/httprobe$)
– [GitHub Repository for Assetfinder](https://github.com/tomnomnom/assetfinder)
– [Detailed Guide to Web Enumeration](https://portswigger.net/web-security)
"`markdown
### Code Examples for WordPress
If you are looking to automate the probing of your WordPress installation, here is a simple Bash script that can help:
"`bash
#!/bin/bash
# A script to probe for active WordPress plugins
plugin_list=( "akismet.com" "yoast.com" "contactform7.com" )
for plugin in "${plugin_list[@]}"
do
echo "Probing: $plugin"
echo "$plugin" | httprobe
done
"`
Make sure this script is executable by running:
"`bash
chmod +x probe_wordpress.sh
"`
You can run the script with:
"`bash
./probe_wordpress.sh
"`
"`
### 5. Conclusion
In this section, we introduced `httprobe$`, a powerful tool for web enumeration. We covered installation, configuration, and practical usage, including real-world scenarios where `httprobe$` can be beneficial in penetration testing engagements. By mastering these techniques, you can enhance your skills in web security assessments.
Made by pablo rotem / פבלו רותם