Metadata-Version: 2.1
Name: pthost
Version: 0.0.8
Summary: Default vhost tester
Home-page: https://www.penterep.com/
Author: Penterep
Author-email: info@penterep.com
License: GPLv3+
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Environment :: Console
Requires-Python: >=3.6
Description-Content-Type: text/markdown
License-File: LICENSE

![penterepTools](https://www.penterep.com/external/penterepToolsLogo.png)


# PTHOST
> Default vhost tester

pthost is a script for testing default vhost on target server, pthost also tests target server for CRLF injection, Host injection, and Open Redirect vulnerabilities via Host HTTP header.

## Installation

```
pip install pthost
```

### Add to PATH
If you cannot invoke the script in your terminal, its probably because its not in your PATH. Fix it by running commands below.

Add to path for BASH
```bash
echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.bashrc
source ~/.bashrc
```
Add to path for ZSH
```bash
echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.zshhrc
source ~/.zshhrc
```


## Usage examples

```
pthost -d www.example.com
```

## Options
```
   -d   --domain                        <domain>        Test Domain
   -t   --test                          <test-type>     Specify test-types (default all)
        -t is-default                                   Test Default vhost
        -t open-redirect                                Test Open Redirect
        -t crlf                                         Test CRLF injection
        -t host-injection                               Test Host injection
        -t redir-to-https                               Test HTTP to HTTPS redirects
        -t redir-to-sub                                 Test Subdomain redirects
        -t subdomain-reflection-www                     Test Subdomain reflection (with www)
        -t subdomain-reflection-no-www                  Test Subdomain reflection (without www)
   -ua  --user-agent                    <user-agent>    Set user agent
   -H   --headers                       <header:value>  Set custom headers
   -c   --cookie                        <cookie=value>  Set cookie(s)
   -p   --proxy                         <proxy>         Set proxy (e.g. http://127.0.0.1:8080)
   -P   --protocol                      <protocol>      Set protocol to test (HTTP, HTTPS), default both
   -j   --json                                          Output in JSON format
   -v   --version                                       Show script version and exit
   -h   --help                                          Show this help message and exit

```

## Dependencies
- requests
- tldextract
- ptlibs

## Version History
* 0.0.8
    * Tool renamed from ptdefvhost to pthost
    * Added CRLF test
* 0.0.7
    * Added subdomain reflection test
    * Fixed encoding issues on some sites
* 0.0.1 - 0.0.6
    * Alpha releases

## License

Copyright (c) 2020 HACKER Consulting s.r.o.

ptinsearcher is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

ptinsearcher is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with ptinsearcher.  If not, see <https://www.gnu.org/licenses/>.

## Warning

You are only allowed to run the tool against the websites which
you have been given permission to pentest. We do not accept any
responsibility for any damage/harm that this application causes to your
computer, or your network. Penterep is not responsible for any illegal
or malicious use of this code. Be Ethical!

