Htcap - A Spider Web Application Scanner Able To Crawl Unmarried Page Application (Spa) Inwards A Recursive Mode Past Times Intercepting Ajax Calls Together With Dom Changes


Htcap is a spider web application scanner able to crawl unmarried page application (SPA) inwards a recursive fashion yesteryear intercepting ajax calls as well as DOM changes. Htcap is non merely approximately other vulnerability scanner since it's focused on the crawling procedure as well as it's aimed to discovery as well as intercept ajax/fetch calls, websockets, jsonp ecc. It uses its ain fuzzers addition a laid of external tools to discovery vulnerabilities as well as it's designed to last a tool for both manual as well as automated penetration test of modern spider web applications.
It also features a pocket-size but powerful framework to apace educate custom fuzzers amongst less than lx lines of python. The fuzzers tin travel amongst GET/POST data, XML as well as JSON payloads as well as switch betwixt POST as well as GET. Of course, fuzzers run inwards parallel inwards a multi-threaded environment.
This is the real outset free that uses headless chrome instead of phantomjs. Htcap’s Javascript crawling engine has been rewritten to accept wages of the novel async/await features of ecmascript as well as has been converted to a nodjes module laid upward on overstep of Puppetteer.
More infos at htcap.org.

SETUP

Requirements
  1. Python 2.7
  2. Nodejs as well as npm
  3. Sqlmap (for sqlmap scanner module)
  4. Arachni (for arachni scanner module)

Download as well as Run
$ git clone https://github.com/fcavallarin/htcap.git htcap $ htcap/htcap.py

VIDEO


DOCUMENTATION
Documentation, examples as well as demos tin last constitute at the official website https://htcap.org.