Skip to content
/ httpmap Public

Tool for extracting data such as URLs, GraphQL queries, sensitive info, etc. from a given file or URL

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0mgfriday/httpmap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
0mg.HttpMap.sln
0mg.HttpMap.sln
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Overview

Tool for extracting data such as URLs, GraphQL queries, sensitive info, etc. from a given file or url. For SPA apps it will try to find the main or app js file to extract info from.

Extracts the following data:

  • Paths
  • URLs
  • Websockets
  • Grapghql queries and mutations
  • Hardcoded API keys

Requirements

dotnet 6 https://dotnet.microsoft.com/en-us/download

Installation

Nuget

dotnet tool install --global 0mg.HttpMap

From Release

Download the nuget file from releases

dotnet tool install --global --add-source [DIRECTORY_CONTAINING_NUGET] 0mg.HttpMap --version 1.0.1

You may need to add $HOME/.dotnet/tools to your path on Linux. You can do so by adding something like the following to your .bashrc or .zshrc file

export DOTNETTOOLS=$HOME/.dotnet/tools
export PATH=$DOTNETTOOLS:$PATH

From source

dotnet pack -c Release .\src\0mg.HttpMap\0mg.HttpMap.csproj
dotnet tool install --global --add-source .nupkg 0mg.HttpMap

Updating

dotnet tool update --global --add-source [DIRECTORY_CONTAINING_NUGET] 0mg.HttpMap --version 1.0.1

Example

httpmap -u https://example.com

Output

.__     __    __
|  |___/  |__/  |_______   _____ _____  ______
|  |  \   __\   __\____ \ /     \\__  \ \____ \
|   Y  \  |  |  | |  |_> >  Y Y  \/ __ \|  |_> >
|___|  /__|  |__| |   __/|__|_|  (____  /   __/
     \/           |__|         \/     \/|__|
https://github.com/0mgfriday/httpmap

Target Url: https://example.com
{
  "Paths": [
    "/api/v1/users",
    "/graphql"
  ],
  "ExternalUrls": [
    "http://api.example.com"
  ],
  "WebSockets": [
    "wss://example"
  ],
  "FormActions": [],
  "JavaScriptFiles": [
    "app.js"
  ],
  "GraphQL": [
    "mutation AddUser",
    "query UserQuery"
  ],
  "Secrets": [
    "API Key: 28b901e3041d5eddb024f7a581b78f76"
  ]
}

Help

httpmap -h

Description:
  Tool for scraping backend data from frontend code.

Usage:
  0mg.HttpMap [options]

Options:
  -u, --uri <uri> (REQUIRED)    Uri to scrape (Url or file path)
  -ua, --useragent <useragent>  Useragent to use for requests [default: Mozilla/5.0 (Windows NT 10.0; Win64; x64;
                                rv:108.0) Gecko/20100101 Firefox/108.0]
  -p, --proxy <proxy>           Proxy url
  -H, --header <header>         Header for requests (Multiple Allowed)
  -o, --outfile <outfile>       Write output as json to specified file
  -q, --quiet                   Only print output
  --version                     Show version information
  -?, -h, --help                Show help and usage information

About

Tool for extracting data such as URLs, GraphQL queries, sensitive info, etc. from a given file or URL

Topics

security web enumeration

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.0.1 Latest
Dec 21, 2022

Packages

No packages published

Languages