{"id":13843924,"url":"https://github.com/boy-hack/hack-requests","last_synced_at":"2025-04-12T11:58:30.843Z","repository":{"id":37406180,"uuid":"146614229","full_name":"boy-hack/hack-requests","owner":"boy-hack","description":"The hack-requests is an http network library for hackers","archived":false,"fork":false,"pushed_at":"2023-05-08T03:32:38.000Z","size":69,"stargazers_count":465,"open_issues_count":19,"forks_count":89,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-03-18T07:26:09.939Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/boy-hack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-08-29T14:42:10.000Z","updated_at":"2025-03-07T09:48:47.000Z","dependencies_parsed_at":"2024-01-07T09:44:23.558Z","dependency_job_id":null,"html_url":"https://github.com/boy-hack/hack-requests","commit_stats":{"total_commits":60,"total_committers":4,"mean_commits":15.0,"dds":0.08333333333333337,"last_synced_commit":"1ce39a5062bbe7f3848fdfa6848ef161cb95e3ff"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fhack-requests","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fhack-requests/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fhack-requests/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fhack-requests/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/boy-hack","download_url":"https://codeload.github.com/boy-hack/hack-requests/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248565085,"owners_count":21125415,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:30.726Z","updated_at":"2025-04-12T11:58:30.823Z","avatar_url":"https://github.com/boy-hack.png","language":"Python","readme":"# hack-requests\nHackRequests 是基于`Python3.x`的一个给黑客们使用的http底层网络库。如果你需要一个不那么臃肿而且像requests一样优雅的设计，并且提供底层请求包/返回包原文来方便你进行下一步分析，如果你使用Burp Suite，可以将原始报文直接复制重放，对于大量的HTTP请求，hack-requests线程池也能帮你实现最快速的响应。\n\n- 像requests一样好用的设计\n- 提供接口获得底层请求包、返回包原文，方便下一步分析\n- 支持发送HTTP原始报文，支持从Burp Suite等抓包软件中重放\n- hack-requests是单文件模块，可方便移植到其他项目中。\n\n## 安装\n- 仅支持python3\n- pip install HackRequests\n\n## 特征\n\n### 不需要关注参数类型\n\n在`requests`模块中，为了方便使用，header、cookie、post等信息都是以字典形式传参，但对于黑客来说，常常截获到的是一个文本，手动转换成字典费时费力。但在`HackRequests`中，这些参数你既可以传入一个字典，也可以传入一个文本，程序会自动识别并转换。\n\n```python\nimport HackRequests\n\nhack = HackRequests.hackRequests()\nurl = \"http://x.hacking8.com\"\n\nheader = '''\nConnection: keep-alive\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n'''\nhh = hack.http(url, headers=header)\nprint(hh.text())\n\nheaders = {\n    \"Connection\": \"keep-alive\",\n    \"User-Agent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\"\n}\nuu = hack.http(url, headers=headers)\nprint(uu.text())\n\n```\n\n### 提供底层包分析\n\n`hackRequests`返回结果中带有`log`参数，记录了`request`和`response`，在写扫描器的时候这两个参数参考非常重要。\n\n```python\nimport HackRequests\n\nhack = HackRequests.hackRequests()\nurl = \"http://x.hacking8.com\"\n\nheader = '''\nConnection: keep-alive\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n'''\nhh = hack.http(url, headers=header)\nprint(hh.log.get(\"request\"))\nprint()\nprint(hh.log.get(\"response\"))\n\n```\n\n返回\n\n```bash\nGET / HTTP/1.1\nHost: x.hacking8.com\nConnection: Keep-Alive\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n\nHTTP/1.1 200 OK\nServer: nginx\nDate: Sat, 01 Sep 2018 12:52:35 GMT\nContent-Type: text/html\nContent-Length: 580\nLast-Modified: Thu, 16 Aug 2018 09:50:56 GMT\nConnection: keep-alive\nETag: \"5b754900-244\"\nAccept-Ranges: bytes\n```\n\n### BurpSuite 重放\n\n支持直接将代理抓包软件中的请求\n\n```python\nimport HackRequests\n\nhack = HackRequests.hackRequests()\nraw = '''\nGET / HTTP/1.1\nHost: x.hacking8.com\nConnection: Keep-Alive\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n'''\nhh = hack.httpraw(raw)\nprint(hh.text())\n```\n\n### 内置线程池\n\n在并发网络访问方面，HackRequests的线程池可以帮助您把网络并发优化到极致。 \n```python\nimport HackRequests\n\n\ndef _callback(r:HackRequests.response):\n    # 从回调函数取出结果，参数r是response结果\n    print(r.text())\n\n\nthreadpool = HackRequests.threadpool(threadnum=10,callback=_callback)\nurl = \"http://www.baidu.com\"\nfor i in range(50):\n    threadpool.http(url)\nthreadpool.run()\n```\n\n### 学习方面\n\n代码开源，不到500行代码且中文注释可以帮助你更好的理解该项目思路。\n\n## 说明文档\n\n### 快速使用\n\n```python\nimport HackRequests\nhack = HackRequests.hackRequests()\nurl = \"http://www.baidu.com/index.php\"\nu = hack.http(url,method=\"HEAD\")\n```\n\n说明：`HEAD`模式可以帮助你更快的检测网页是否存在\n\n使用`hack.http()`可以填写下列参数，当然，除了`url`参数外都不是必须的。\n\n| 参数名      | 参数功能                                                     | 参数类型 |\n| ----------- | ------------------------------------------------------------ | -------- |\n| url（必须） | 用于传递一个地址                                             | Str      |\n| post        | post参数用于传递post提交，此参数被选择时，`method`自动变为`POST`,post参数的类型可以为`Str`或者`Dict` | Str/Dict |\n| method      | 访问模式，目前支持三种 HEAD、GET、POST，默认为GET            | Str      |\n| location    | 当状态码为301、302时会自动跳转，默认为True                   | Bool     |\n| proxy       | 代理，需要传入一个tuple，类似 ('127.0.0.1','8080')           | Tuple    |\n| headers     | 自定义HTTP头，可传入字典或原始的请求头                       | Str/Dict |\n| cookie      | 自定义Cookie，可传入字典或原始cookie字符串                   | Str/Dict |\n| referer     | 模拟用户Referer                                              | Str      |\n| user_agent  | 用户请求头，若为空则会模拟一个正常的请求头                   | Str      |\n| real_host   | 用于host头注入中在header host字段填写注入语句，这里填写真实地址 如 \"127.0.0.1:8000\"  具体参考：https://github.com/boy-hack/hack-requests/blob/master/demo/CVE-2016-10033.py | str      |\n\n### 发送原始响应头\n\n使用`hackRequests`中的 `httpraw`方法\n\n```python\nimport HackRequests\n\nhack = HackRequests.hackRequests()\nraw = '''\nGET / HTTP/1.1\nHost: x.hacking8.com\nConnection: Keep-Alive\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n'''\nhh = hack.httpraw(raw)\nprint(hh.text())\n```\n\n| 参数名    | 参数类型 | 参数功能                                                     |\n| --------- | -------- | ------------------------------------------------------------ |\n| raw(必须) | Str      | 原始报文                                                     |\n| ssl       | Bool     | 网站是否是https，默认为False                                 |\n| proxy     | Tuple    | 代理地址                                                     |\n| location  | Bool     | 自动跳转，默认为Ture                                         |\n| real_host | str      | 用于host头注入中在header host字段填写注入语句，这里填写真实地址 如 \"127.0.0.1:8000\"  具体参考：https://github.com/boy-hack/hack-requests/blob/master/demo/CVE-2016-10033.py |\n\n注:httpraw方法最后会解析格式到`http`方法,所以`http`方法使用的参数这里都可以使用\n\n### response\n\n可使用如下接口获取`hack.http()`的返回值\n\n| 接口参数    | 功能                            | 返回值类型 |\n| ----------- | ------------------------------- | ---------- |\n| status_code | 获取返回状态码                  | Int        |\n| content()   | 获取返回字节                    | Bytes      |\n| text()      | 获取返回文本(会自动转码)        | Str        |\n| header      | 返回原始响应头                  | Str        |\n| headers     | 返回原始响应头的字典形式        | Dict       |\n| charset     | 获取编码类型                    | Str        |\n| log         | 获取底层发送的请求包/返回包     | Dict       |\n| url         | 返回url，若发生跳转则为跳转后的 | Str        |\n| cookie      | 返回请求后的Cookie           | Str        |\n| cookies     | 返回请求后的Cookie字典形式    | Dict       |\n\n### 线程池\n\n```python\nimport HackRequests\n\n\ndef _callback(r:HackRequests.response):\n    # 从回调函数取出结果，参数r是response结果\n    print(r.text())\n\n\nthreadpool = HackRequests.threadpool(threadnum=10,callback=_callback,timeout=10)\n# 可设置http访问的超时时间，不设置则默认为10s。线程数量[threadnum]设置根据自己电脑配置设置，默认为10,值越大线程越多同一秒访问的网站数量也越多。\nurl = \"http://www.baidu.com\"\nfor i in range(50):\n    threadpool.http(url)\nthreadpool.run()\n```\n回调函数参数r是response类，见[说明文档]-[response]  \n在声明一个线程池为`threadpool`后，有以下三种方法可以调用\n\n| 方法名    | 传入参数                | 功能                               |\n| --------- | ----------------------- | ---------------------------------- |\n| http()    | 见[说明文档]-[快速使用] | 将HTTP请求后加入现成队列，准备执行 |\n| httpraw() | 见[说明文档]-[快速使用] | 将HTTP请求后加入现成队列，准备执行 |\n| stop()    |                         | 停止线程池                         |\n| run()     |                         | 启动线程池                         |\n\n\n","funding_links":[],"categories":["Python (1887)","Python","Secure Programming"],"sub_categories":["API"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboy-hack%2Fhack-requests","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fboy-hack%2Fhack-requests","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboy-hack%2Fhack-requests/lists"}