-
Notifications
You must be signed in to change notification settings - Fork 0
/
HeaderProbe.sh
152 lines (124 loc) Β· 4.16 KB
/
HeaderProbe.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
#!/bin/bash
N='\033[0m'
R='\033[0;31m'
G='\033[0;32m'
O='\033[0;33m'
B='\033[0;34m'
Y='\033[0;38m'
C='\033[0;36m'
W='\033[0;37m'
trap 'printf "\e[1;77m \nCtrl+C was pressed, exiting...\n\n \e[0m"; exit 0' SIGINT
print_banner() {
local banner=(
"******************************************"
"* HeaderProbe *"
"* Host Header Injection Tool *"
"* v1.2.1 *"
"* ---------------------------- *"
"* by @ImKKingshuk *"
"* Github- https://github.com/ImKKingshuk *"
"******************************************"
)
local width=$(tput cols)
for line in "${banner[@]}"; do
printf "%*s\n" $(((${#line} + width) / 2)) "$line"
done
echo
}
check_internet() {
echo -e "${O}[+] Checking Internet Connectivity"
if ! ping -c 1 8.8.8.8 &>/dev/null; then
echo -e "${R}[Error] No Internet Connection. Exiting..."
exit 1
else
echo -e "${G}[+] Internet is present"
fi
}
host_header_injection_check() {
local domains method custom_headers follow_redirects timeout output_file
echo -e "${B}\n[+] Welcome to the Host Header Injection Tool!"
read -p "Enter the target URL(s) (space-separated for multiple URLs): " domains
IFS=' ' read -r -a domains_array <<< "$domains"
if [[ ${#domains_array[@]} -eq 0 ]]; then
echo -e "${R}[Error] No URLs provided. Exiting..."
exit 1
fi
read -p "Choose HTTP method (default: GET): " method
method=${method:-GET}
read -p "Enter custom headers (comma-separated, e.g., Header1:Value1,Header2:Value2): " custom_headers
read -p "Follow redirects? (yes/no, default: yes): " follow_redirects
follow_redirects=${follow_redirects:-yes}
read -p "Enter request timeout in seconds (default: 5): " timeout
timeout=${timeout:-5}
read -p "Enter output file name (default: output.txt): " output_file
output_file=${output_file:-output.txt}
echo -e "${R}\n[+] Performing Host Header Injection Check"
sleep 2
> "$output_file"
for domain in "${domains_array[@]}"; do
response=$(curl -s -m "$timeout" -I -X "$method" "$domain" \
-H "X-Forwarded-Host: evil.com" \
$([[ -n "$custom_headers" ]] && echo -H "$custom_headers") \
$([[ "$follow_redirects" == "no" ]] && echo -L))
echo -e "${Y}\nURL: $domain" >> "$output_file"
echo "$response" >> "$output_file"
clear
print_banner
echo -e "${B}===================${O}========================="
if grep -qi 'X-Forwarded-Host: evil.com' <<< "$response"; then
echo -e "${O}URL: $domain [Vulnerable]"
analyze_response "$response"
else
echo -e "${O}URL: $domain [Not Vulnerable]"
fi
done
select_output_format "$output_file"
}
analyze_response() {
local response="$1"
local server_header
server_header=$(grep -i 'Server:' <<< "$response")
if [[ -n "$server_header" ]]; then
echo -e "${C}Server Header: $server_header"
fi
}
select_output_format() {
local output_file="$1"
local format
echo -e "${B}\n[+] Select Output Format:"
select format in "Plain Text" "JSON" "Exit"; do
case "$format" in
"Plain Text")
cat "$output_file"
break
;;
"JSON")
generate_json_output "$output_file"
break
;;
"Exit")
exit 0
;;
*)
echo -e "${R}[Error] Invalid selection. Please choose a valid option."
;;
esac
done
}
generate_json_output() {
local output_file="$1"
local domains_json
domains_json=$(awk '/^URL:/ {url=$2} /Vulnerable/ {vul="true"} /Not Vulnerable/ {vul="false"} /Server:/ {server=$2; printf "{ \"URL\": \"%s\", \"Vulnerability\": %s, \"ServerHeader\": \"%s\" },\n", url, vul, server}' "$output_file" | sed '$ s/,$//')
cat <<EOF
[
$domains_json
]
EOF
}
main() {
check_internet
clear
print_banner
host_header_injection_check
}
main