hetty/README.md

<img src="https://i.imgur.com/AT71SBq.png" width="346" />

> Hetty is an HTTP toolkit for security research. It aims to become an open source
> alternative to commercial software like Burp Suite Pro, with powerful features
> tailored to the needs of the infosec and bug bounty community.

<img src="https://i.imgur.com/ZZ6o83X.png">

## Features/to do

- [x] HTTP man-in-the-middle (MITM) proxy and GraphQL server.
- [x] Web interface (Next.js) with proxy log viewer.
- [ ] Add scope support to the proxy.
- [ ] Full text search (with regex) in proxy log viewer.
- [ ] Project management.
- [ ] Sender module for sending manual HTTP requests, either from scratch or based
      off requests from the proxy log.
- [ ] Attacker module for automated sending of HTTP requests. Leverage the concurrency
      features of Go and its `net/http` package to make it blazingly fast.

## Installation

Hetty is packaged on GitHub as a single binary, with the web interface resources
embedded.

👉 You can find downloads for Linux, macOS and Windows on the [releases page](https://github.com/dstotijn/hetty/releases).

### Alternatives:

**Build from source**

```
$ GO111MODULE=auto go get -u -v github.com/dstotijn/hetty/cmd/hetty
```

Then export the Next.js frontend app:

```
$ cd admin
$ yarn install
$ yarn export
```

This will ensure a folder `./admin/dist` exists.
Then, you can bundle the frontend app using `rice`.
The easiest way to do this is via a supplied `Makefile` command in the root of
the project:

```
make build
```

**Docker**

Alternatively, you can run Hetty via Docker. See: [`dstotijn/hetty`](https://hub.docker.com/r/dstotijn/hetty)
on Docker Hub.

```
$ docker run \
-v $HOME/.hetty/hetty_key.pem:/root/.hetty/hetty_key.pem \
-v $HOME/.hetty/hetty_cert.pem:/root/.hetty/hetty_cert.pem \
-v $HOME/.hetty/hetty.bolt:/root/.hetty/hetty.bolt \
-p 127.0.0.1:8080:8080 \
dstotijn/hetty
```

## Usage

Hetty is packaged as a single binary, with the web interface resources embedded.
When the program is run, it listens by default on `:8080` and is accessible via
http://localhost:8080. Depending on incoming HTTP requests, it either acts as a
MITM proxy, or it serves the GraphQL API and web interface (Next.js).

```
$ Usage of ./hetty:
  -addr string
        TCP address to listen on, in the form "host:port" (default ":80")
  -adminPath string
        File path to admin build
  -cert string
        CA certificate filepath. Creates a new CA certificate is file doesn't exist (default "~/.hetty/hetty_cert.pem")
  -db string
        Database file path (default "hetty.db")
  -key string
        CA private key filepath. Creates a new CA private key if file doesn't exist (default "~/.hetty/hetty_key.pem")
```

⚠️ _Todo: Write instructions for installing CA certificate in local CA store, and_
_configuring Hetty to be used as a proxy server._

## Vision and roadmap

The project has just gotten underway, and as such I haven’t had time yet to do a
write-up on its mission and roadmap. A short summary/braindump:

- Fast core/engine, built with Go, with a minimal memory footprint.
- GraphQL server to interact with the backend.
- Easy to use web interface, built with Next.js and Material UI.
- Extensibility is top of mind. All modules are written as Go packages, to
  be used by the main `hetty` program, but also usable as libraries for other software.
  Aside from the GraphQL server, it should (eventually) be possible to also use
  it as a CLI tool.
- Pluggable architecture for the MITM proxy and future modules, making it
  possible for hook into the core engine.
- I’ve chosen [Cayley](https://cayley.io/) as the graph database (backed by
  BoltDB storage on disk) for now (not sure if it will work in the long run).
  The benefit is that Cayley (also written in Go)
  is embedded as a library. Because of this, the complete application is self contained
  in a single running binary.
- Talk to the community, and focus on the features that the majority.
  Less features means less code to maintain.

## Status

The project is currently under active development. Please star/follow and check
back soon. 🤗

## Acknowledgements

Thanks to the [Hacker101 community on Discord](https://discordapp.com/channels/514337135491416065)
for all the encouragement to actually start building this thing!

## License

[MIT](LICENSE)

---

© 2020 David Stotijn — [Twitter](https://twitter.com/dstotijn), [Email](mailto:dstotijn@gmail.com)
-												Update README.md
											
										
										
											2020-09-27 18:43:53 +00:00
+								<img src="https://i.imgur.com/AT71SBq.png" width="346" />
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
 								> Hetty is an HTTP toolkit for security research. It aims to become an open source
 								> alternative to commercial software like Burp Suite Pro, with powerful features
 								> tailored to the needs of the infosec and bug bounty community.
 								<img src="https://i.imgur.com/ZZ6o83X.png">
 								## Features/to do
 								- [x] HTTP man-in-the-middle (MITM) proxy and GraphQL server.
 								- [x] Web interface (Next.js) with proxy log viewer.
-												Update README.md
											
										
										
											2020-09-27 18:45:00 +00:00
+								- [ ] Add scope support to the proxy.
 								- [ ] Full text search (with regex) in proxy log viewer.
 								- [ ] Project management.
 								- [ ] Sender module for sending manual HTTP requests, either from scratch or based
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								      off requests from the proxy log.
-												Update README.md
											
										
										
											2020-09-27 18:45:00 +00:00
+								- [ ] Attacker module for automated sending of HTTP requests. Leverage the concurrency
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								      features of Go and its `net/http` package to make it blazingly fast.
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
 								## Installation
 								Hetty is packaged on GitHub as a single binary, with the web interface resources
 								embedded.
 								👉 You can find downloads for Linux, macOS and Windows on the [releases page](https://github.com/dstotijn/hetty/releases).
 								### Alternatives:
 								**Build from source**
 								```
-												Update README, .gitignore (#10)

* update readme

* update gitignore (test binary, built with go test -c)

* update readme
											
										
										
											2020-09-28 19:07:24 +00:00
+								$ GO111MODULE=auto go get -u -v github.com/dstotijn/hetty/cmd/hetty
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
+								```
 								Then export the Next.js frontend app:
 								```
 								$ cd admin
 								$ yarn install
 								$ yarn export
 								```
 								This will ensure a folder `./admin/dist` exists.
 								Then, you can bundle the frontend app using `rice`.
 								The easiest way to do this is via a supplied `Makefile` command in the root of
 								the project:
 								```
 								make build
 								```
 								**Docker**
 								Alternatively, you can run Hetty via Docker. See: [`dstotijn/hetty`](https://hub.docker.com/r/dstotijn/hetty)
 								on Docker Hub.
 								```
 								$ docker run \
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								-v $HOME/.hetty/hetty_key.pem:/root/.hetty/hetty_key.pem \
 								-v $HOME/.hetty/hetty_cert.pem:/root/.hetty/hetty_cert.pem \
-												Change default location of DB

											
										
										
											2020-09-28 18:43:43 +00:00
+								-v $HOME/.hetty/hetty.bolt:/root/.hetty/hetty.bolt \
-												Change default port to :8080

											
										
										
											2020-09-28 18:41:43 +00:00
+								-p 127.0.0.1:8080:8080 \
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								dstotijn/hetty
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
+								```
 								## Usage
 								Hetty is packaged as a single binary, with the web interface resources embedded.
 								When the program is run, it listens by default on `:8080` and is accessible via
 								http://localhost:8080. Depending on incoming HTTP requests, it either acts as a
 								MITM proxy, or it serves the GraphQL API and web interface (Next.js).
 								```
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								$ Usage of ./hetty:
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
+								  -addr string
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								        TCP address to listen on, in the form "host:port" (default ":80")
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
+								  -adminPath string
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								        File path to admin build
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
+								  -cert string
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								        CA certificate filepath. Creates a new CA certificate is file doesn't exist (default "~/.hetty/hetty_cert.pem")
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
+								  -db string
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								        Database file path (default "hetty.db")
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
+								  -key string
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								        CA private key filepath. Creates a new CA private key if file doesn't exist (default "~/.hetty/hetty_key.pem")
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
+								```
-												Add support for CA key and certificate generation

											
										
										
											2020-09-28 18:37:25 +00:00
+								⚠️ _Todo: Write instructions for installing CA certificate in local CA store, and_
 								_configuring Hetty to be used as a proxy server._
-												Add README and LICENSE

											
										
										
											2020-09-27 18:38:30 +00:00
 								## Vision and roadmap
 								The project has just gotten underway, and as such I haven’t had time yet to do a
 								write-up on its mission and roadmap. A short summary/braindump:
 								- Fast core/engine, built with Go, with a minimal memory footprint.
 								- GraphQL server to interact with the backend.
 								- Easy to use web interface, built with Next.js and Material UI.
 								- Extensibility is top of mind. All modules are written as Go packages, to
 								  be used by the main `hetty` program, but also usable as libraries for other software.
 								  Aside from the GraphQL server, it should (eventually) be possible to also use
 								  it as a CLI tool.
 								- Pluggable architecture for the MITM proxy and future modules, making it
 								  possible for hook into the core engine.
 								- I’ve chosen [Cayley](https://cayley.io/) as the graph database (backed by
 								  BoltDB storage on disk) for now (not sure if it will work in the long run).
 								  The benefit is that Cayley (also written in Go)
 								  is embedded as a library. Because of this, the complete application is self contained
 								  in a single running binary.
 								- Talk to the community, and focus on the features that the majority.
 								  Less features means less code to maintain.
 								## Status
 								The project is currently under active development. Please star/follow and check
 								back soon. 🤗
 								## Acknowledgements
 								Thanks to the [Hacker101 community on Discord](https://discordapp.com/channels/514337135491416065)
 								for all the encouragement to actually start building this thing!
 								## License
 								[MIT](LICENSE)
 								---
 								© 2020 David Stotijn — [Twitter](https://twitter.com/dstotijn), [Email](mailto:dstotijn@gmail.com)