Network Tools

Monsoon – Fast HTTP Enumerator

Monsoon - Fast HTTP Enumerator

 

A fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display them in real-time.

Example
Run an HTTP GET request for each entry in filenames.txt, hide all responses with the status code 403 or 404:

Installation

Building from source
These instructions will get you a compiled version of the code in the master branch.
You’ll need a recent version of the Go compiler, at least version 1.11. For Debian, install the package golang-go.
Clone the repository, then from within the checkout run the following command:

$ go build

Afterwards you’ll find a monsoon binary in the current directory. It can be for other operating systems as follows:

$ GOOS=windows GOARCH=amd64 go build -o monsoon.exe

Unofficial Packages
For Arch Linux based distributions monsoon is available as an unofficial package on the AUR. Using your AUR helper of choice such as yay:

yay -S monsoon

Getting Help
The program has several subcommands, the most important one is fuzz which contains the main functionality. You can display a list of commands as follows:

$ ./monsoon -h
Usage:
  monsoon command [options]
Available Commands:
fuzz Execute and filter HTTP requests
help Help about any command
show Construct and display an HTTP request
test Send an HTTP request to a server and show the result
version Display version information
Options:
-h, --help help for monsoon
Use "monsoon [command] --help" for more information about a command.

For each command, calling it with --help (e.g. monsoon fuzz --help) will display a description of all the options, and calling monsoon help fuzz also shows an extensive list of examples.

Wordlists
The SecLists Project collects wordlists that can be used with monsoon.

 


About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: