Network Tools

Monsoon – Fast HTTP Enumerator

Monsoon - Fast HTTP Enumerator

[sc name=”ad_1″]
A fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display them in real-time.

Example
Run an HTTP GET request for each entry in filenames.txt, hide all responses with the status code 403 or 404:

Installation

Building from source
These instructions will get you a compiled version of the code in the master branch.
You’ll need a recent version of the Go compiler, at least version 1.11. For Debian, install the package golang-go.
Clone the repository, then from within the checkout run the following command:

$ go build

Afterwards you’ll find a monsoon binary in the current directory. It can be for other operating systems as follows:

$ GOOS=windows GOARCH=amd64 go build -o monsoon.exe

Unofficial Packages
For Arch Linux based distributions monsoon is available as an unofficial package on the AUR. Using your AUR helper of choice such as yay:

yay -S monsoon

Getting Help
The program has several subcommands, the most important one is fuzz which contains the main functionality. You can display a list of commands as follows:

$ ./monsoon -h
Usage:
  monsoon command [options]
Available Commands:
fuzz Execute and filter HTTP requests
help Help about any command
show Construct and display an HTTP request
test Send an HTTP request to a server and show the result
version Display version information
Options:
-h, --help help for monsoon
Use "monsoon [command] --help" for more information about a command.

For each command, calling it with --help (e.g. monsoon fuzz --help) will display a description of all the options, and calling monsoon help fuzz also shows an extensive list of examples.

Wordlists
The SecLists Project collects wordlists that can be used with monsoon.

 


[sc name=”ad-in-article”]