Monsoon – Fast HTTP Enumerator

KitPloit – PenTest Tools!–
A fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display them in real-time.

Run an HTTP GET request for each entry in filenames.txt, hide all responses with the status code 403 or 404:


Building from source
These instructions will get you a compiled version of the code in the master branch.
You’ll need a recent version of the Go compiler, at least version 1.11. For Debian, install the package golang-go.
Clone the repository, then from within the checkout run the following command:

$ go build

Afterwards you’ll find a monsoon binary in the current directory. It can be for other operating systems as follows:

$ GOOS=windows GOARCH=amd64 go build -o monsoon.exe

Unofficial Packages
For Arch Linux based distributions monsoon is available as an unofficial package on the AUR. Using your AUR helper of choice such as yay:

yay -S monsoon

Getting Help
The program has several subcommands, the most important one is fuzz which contains the main functionality. You can display a list of commands as follows:

$ ./monsoon -h
monsoon command [options]

Available Commands:
fuzz Execute and filter HTTP requests
help Help about any command
show Construct and display an HTTP request
test Send an HTTP request to a server and show the result
version Display version information

-h, --help help for monsoon

Use "monsoon [command] --help" for more information about a command.

For each command, calling it with --help (e.g. monsoon fuzz --help) will display a description of all the options, and calling monsoon help fuzz also shows an extensive list of examples.

The SecLists Project collects wordlists that can be used with monsoon.

View original article on KitPloit – PenTest Tools!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s