Used to audit how web servers and applications process HTTP headers. It sends a series of GET requests with custom-crafted HTTP headers and then looks for anomalies (regexes for known errors) in the response data. Tests can reveal SQL injection vulnerabilities and various other issues of interest.
Disclaimer: This tool is used to perform reconnaissance only.
- Basic error-based SQLi tests for:
  - User-Agent
  - X-Forwarded-For
  - Host
  - Referer
  - Cookies (all fields)
Easy to add tests for any other fields.
- Output to Terminal, SQLite, or JSON->ElasticSearch
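The response-analysis step described above (regexes for known errors in the response data), as an added example that is not PyLobster's own code. The signature list, the function names and the sample responses are assumptions constructed for illustration; comparing against a baseline response keeps pages that merely quote an error string from being reported.

```python
import json
import re

# Well-known DBMS error strings. This list is an assumption for the example,
# not PyLobster's own signature set.
ERROR_SIGNATURES = {
    "MySQL": re.compile(r"You have an error in your SQL syntax", re.I),
    "PostgreSQL": re.compile(r"unterminated quoted string", re.I),
    "MSSQL": re.compile(r"Unclosed quotation mark after the character string", re.I),
    "Oracle": re.compile(r"ORA-\d{5}"),
}

def leaked_errors(baseline_body, test_body):
    """DBMS names whose error text is in the test response but not the baseline."""
    return sorted(
        dbms for dbms, rx in ERROR_SIGNATURES.items()
        if rx.search(test_body) and not rx.search(baseline_body)
    )

def review(observations):
    """Turn (header, baseline, test) response pairs into JSON-ready findings."""
    findings = []
    for obs in observations:
        dbms = leaked_errors(obs["baseline"]["body"], obs["test"]["body"])
        status_changed = obs["baseline"]["status"] != obs["test"]["status"]
        if dbms or status_changed:
            findings.append({
                "header": obs["header"],
                "dbms_errors": dbms,
                "status": [obs["baseline"]["status"], obs["test"]["status"]],
            })
    return findings

# Constructed sample data: responses as they might be recorded for three header fields.
SAMPLE = [
    {"header": "User-Agent",
     "baseline": {"status": 200, "body": "<h1>Welcome</h1>"},
     "test": {"status": 500, "body": "You have an error in your SQL syntax; check the manual"}},
    {"header": "Referer",
     "baseline": {"status": 200, "body": "<h1>Welcome</h1>"},
     "test": {"status": 200, "body": "<h1>Welcome</h1>"}},
    # A help page that quotes an Oracle error in every response: not a finding.
    {"header": "X-Forwarded-For",
     "baseline": {"status": 200, "body": "FAQ: what does ORA-00933 mean?"},
     "test": {"status": 200, "body": "FAQ: what does ORA-00933 mean?"}},
]

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```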
Show help file:
python -h
Run against a single URL:
what url would you like PyLobster to visit?
If you want to feed it a list of URLs (from a Burp export or something):
python -f urlList.txt
Check sampleList.txt for the expected format.
In the process of updating for Python 3
Tested on Python v 2.7.3
Python Requests Library
apt-get install python-pip
pip install requests
Consider turning requests safe_mode on if you are having issues:
nano /usr/local/lib/python2.7/dist-packages/requests/
Output mode can be set with the -m switch
default: Terminal output
SQLite (needs work)
If you are using SQLite to store your results data, you will first need to create a SQLite db:
sqlite3 results.db
python
JSON--> Elasticsearch
-m ES
This output mode is working; however, you will need to have an ElasticSearch instance ready to receive POSTed JSON data.
Detect custom HTTP Headers and reply to those as well
Add switch for header test mode: --htm
- all -- (every standard header field)
- minimal -- (typical dynamic header fields) will be default
- smart -- (see #4, check what headers webserver sets and attack those)
- custom -- (choose which header field to test)
Add fuzzing defs
Add basic SQLi union tests