htcap is a web app scanner single page application (SPA) in a recursive manner by intercepting ajax calls & DOM changes.
htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes.
Htcap is not just another vulnerability scanner since it’s focused mainly on the crawling process and uses external tools to discover vulnerabilities. It’s designed to be a tool for both manual and automated penetration test of modern web applications.
The scan process is divided in two parts, first htcap crawls the target and collects as many requests as possible (urls, forms, ajax ecc..) and saves them to a sql-lite database. When the crawling is done it is possible to launch several security scanners against the saved requests and save the scan results to the same database.
When the database is populated (at least with crawing data), it’s possible to explore it with ready-available tools such as sqlite3 or DBEaver or export the results in various formats using the
1. Python 2.7
2. PhantomJS v2
3. Sqlmap (for sqlmap scanner module)
4. Arachni (for arachni scanner module)
Latest Change 25/3/2016:
+ core: improved management of database and threads.
git clone https://github.com/segment-srl/htcap && cd htcap
python htcap.py crawl -h
python htcap.py scan -h
git pull origin master