Matthew McCorkle

Day 16 - Httrack - 100 tools in 100 days!

1 . Introduction
2 . My Setup
3 . What is Httrack?
4 . Why use Httrack?
5 . How to use Httrack?
6 . Summary


This post is designed to introduce you to the tool Httrack.

Disclaimer: Please only use Httrack for professional and educational reasons. Do not use this tool for nefarious or malicious reasons.


1. Introduction

Welcome to the sixteenth blog post of 100 tools in 100 days.

Find Httrack here.

At the creators GitHub here


2. My Setup

For running the Httrack tool, I used Kali Linux in a VMware Workstation 16 Player virtualized environment.

I wanted to use Httrack on a website that I had permission to copy so I used the Owasp Top 10 room [Severity 1] Command Injection Practical from Try Hack Me as my example website.


3. What is Httrack?

Httrack is a copy machine for websites.

It allows a user to download an entire website, including directories, HTML, images, files, and code.

This allows the user to interact with the website on their device offline.


4. Why use Httrack?

As a penetration tester, you may use Httrack to get all contents of a website and test certain functions of the website for vulnerabilities.

Today, this is slightly less feasible as many websites operate using databases for querying.

However, for simple and older sites this may be a great tool to test for security issues.

As a user or website owner, you may use this tool to download a local copy of the website for testing purposes and to find security issues before malicious actors do.

As an archiver, you may use Httrack to download and create an archive of websites for personal use.


Disclaimer: Please read the FAQ section of Httrack’s website regarding abuse and misuse here.

5. How to use Httrack?

Step 1:
Httrack is available in Kali Linux repository. 

Open your terminal and type the command "httrack" and type "y" and press 
enter to begin the installation.


Step 2:
The website I copied was from Try Hack Me's OWASP Top 10 list of rooms (
    [Severity 1] Command Injection Practical).

I ran the following command in my terminal to copy the website:

httrack http://http://10.10.221.148/



If I look at the contents of the directory that Httrack created for the website I notice I have all of the same options as I did on the Try Hack Me site.

Below you can see the website from the Try Hack Me address and the local version downloaded.

Original Site:

Httrack Copied Site:

Using the basic command of httrack < website > runs httrack in a simple wizard mode using default settings.

You can see many more options for httrack by typing the command httrack --help.


6. Summary

Httrack is a simple quick and easy to use website copier.

Some websites have rules and laws that protect them from being copied, so please only use this on websites that are open-source or that you have explicit permission to copy.

Httrack comes with many additional options and parameters for copying than I covered here. Please check out the manual page by typing httrack --help into your command line.

Thanks for reading!

If you have suggestions for what tool to cover next, contact me!