https://github.com/trimstray/htrace.sh

My simple Swiss Army knife for http/https troubleshooting and profiling.
https://github.com/trimstray/htrace.sh

debugging-tools http-requests https-troubleshoting httptracer mozilla-observatory nmap nmap-scripts redirect-urls security-tools ssllabs-scan sublist3r swissarmyknife testing-tools testssl waf

Last synced: about 1 month ago
JSON representation

My simple Swiss Army knife for http/https troubleshooting and profiling.

• Host: GitHub
• URL: https://github.com/trimstray/htrace.sh
• Owner: trimstray
• License: gpl-3.0
• Created: 2018-07-13T13:57:27.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2023-07-02T17:31:26.000Z (about 1 year ago)
• Last Synced: 2024-04-13T21:54:42.883Z (5 months ago)
• Topics: debugging-tools, http-requests, https-troubleshoting, httptracer, mozilla-observatory, nmap, nmap-scripts, redirect-urls, security-tools, ssllabs-scan, sublist3r, swissarmyknife, testing-tools, testssl, waf
• Language: Shell
• Homepage:
• Size: 6.82 MB
• Stars: 3,707
• Watchers: 50
• Forks: 234
• Open Issues: 10
• Metadata Files:
  • Readme: README.md
  • Contributing: .github/CONTRIBUTING.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE.md
  • Code of conduct: .github/CODE_OF_CONDUCT.md

Awesome Lists containing this project

• my-awesome-github-stars - trimstray/htrace.sh - My simple Swiss Army knife for http/https troubleshooting and profiling. (Shell)
• awesomeness - htrace.sh - My simple Swiss Army knife for http/https troubleshooting and profiling. (Sec / Kubernetes)
• awesome-hacking-lists - trimstray/htrace.sh - My simple Swiss Army knife for http/https troubleshooting and profiling. (Shell)

README

        


  

    

  

  

    

  








  

    

  








  

    

  





  Created by

  trimstray and

  contributors








## Description

`htrace.sh` is a shell script for http/https troubleshooting and profiling. It's also a simple wrapper around several open source security tools.

For a more detailed understanding of `htrace.sh`, its parameters, functions and how it all works, run `htrace.sh --examples` or see the **[Wiki](https://github.com/trimstray/htrace.sh/wiki)**.

## Preview



  



## How To Use

To install `htrace.sh` itself:

```bash

# Clone this repository

git clone https://github.com/trimstray/htrace.sh

# Go into directory

cd htrace.sh

# Install

sudo ./setup.sh install

# Install dependencies (Debian 8/9, Ubuntu 18.x and MacOS support)

#   - recommend build docker image or install dependencies manually

#   - before init please see what it does and which packages are available on your repository

sudo ./dependencies.sh

# Show examples

htrace.sh --examples

# Run the app

htrace.sh -u https://nmap.org -s -h

```

> * symlink to `bin/htrace.sh` is placed in `/usr/local/bin`

> * man page is placed in `/usr/local/man/man8`

or build docker image:

```bash

# Clone this repository

git clone https://github.com/trimstray/htrace.sh

# Go into directory and build docker image

cd htrace.sh && build/build.sh

# Run the app

docker run --rm -it --name htrace.sh htrace.sh -u https://nmap.org -s -h

```

## Parameters

Provides the following options:

```

    htrace.sh v1.1.7

  Usage:

    htrace.sh  [value]

  Examples:

    htrace.sh -u https://example.com -s -h -b

    htrace.sh -u https://example.com --all-scans

  Options:

        --help                                show this message

        --version                             show script version

        --examples                            show script examples

    Standard:

        -u|--url                       set target url with http/https protocol

        -s|--ssl                              show basic ssl server/connection parameters

        -h|--headers                          show response headers

        -b|--body                             show response body

        -M|--req-method                set request method (default: GET)

        -H|--req-header                set request header(s)

        -p|--proxy                     set proxy server (not for external tools)

        -r|--resolve                   resolve the host+port to this address

        -i|--iface                     set network interface (or address)

        -a|--all-scans                        use all external security tools

    Security tools:

        --testssl                             test ssl protocols and ciphers (testssl.sh)

        --observatory                         analyze website headers (mozilla observatory)

        --ssllabs                             deep analysis of the ssl web server (ssllabs)

        --mixed-content                       scan website for non-secure resources (mixed-content-scan)

        --nse                                 scan website and domain with nse library (nmap)

        --waf                                 detect and bypass web application firewalls (wafw00f)

        --dns                                 enumerate subdomains (subfinder) and perform zone transfer

        --http2                               test HTTP/2 (nghttp2)

    Extended:

        --ssl-bin                       set path to the openssl bin

        --ssl-debug                           debug ssl connection

        --cache-bypass                 try (proxy) cache bypass

        --user-agent                   set 'User-Agent' header

        --referer                      set 'Referer' header

        --auth                         set authentication method

        --httpv                        set http version

        --tlsv                         set tls version

        --ciph                         set of cryptographic algorithm

        --max-redirects                  set max redirects (default: 10)

        --timeout                        set max timeout (default: 15)

        --hide-src-ip                         hide source ip from output

```

## Contributing

See **[this](.github/CONTRIBUTING.md)**.

### Code Contributors

This project exists thanks to all the people who contribute.



## License

GPLv3 : 

**Free software, Yeah!**