Sh1Yo / request_smuggler

Licence: GPL-3.0 license
HTTP request smuggling vulnerability scanner

Programming Languages

rust
11053 projects

Projects that are alternatives of or similar to request smuggler

Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+379.8%)
Mutual labels:  scanner, bugbounty
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+849.75%)
Mutual labels:  scanner, bugbounty
Jaeles
The Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+428.57%)
Mutual labels:  scanner, bugbounty
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+289.66%)
Mutual labels:  scanner, bugbounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-30.05%)
Mutual labels:  scanner, bugbounty
Sudomy
Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+323.15%)
Mutual labels:  scanner, bugbounty
Corsme
Cross Origin Resource Sharing MisConfiguration Scanner
Stars: ✭ 118 (-41.87%)
Mutual labels:  scanner, bugbounty
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+150.74%)
Mutual labels:  scanner, bugbounty
Sudomy
Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+674.38%)
Mutual labels:  scanner, bugbounty
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1594.09%)
Mutual labels:  scanner, bugbounty
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+277.83%)
Mutual labels:  scanner, bugbounty
Jira-Lens
Fast and customizable vulnerability scanner For JIRA written in Python
Stars: ✭ 185 (-8.87%)
Mutual labels:  scanner, bugbounty
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+3469.46%)
Mutual labels:  scanner, bugbounty
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+336.95%)
Mutual labels:  scanner, bugbounty
Xspear
Powerful XSS Scanning and Parameter analysis tool & gem
Stars: ✭ 583 (+187.19%)
Mutual labels:  scanner, bugbounty
Webhackersweapons
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, happy bug-hunting
Stars: ✭ 1,205 (+493.6%)
Mutual labels:  scanner, bugbounty
cf-check
CloudFlare Checker written in Go
Stars: ✭ 147 (-27.59%)
Mutual labels:  scanner, bugbounty
Recon Pipeline
An automated target reconnaissance pipeline.
Stars: ✭ 278 (+36.95%)
Mutual labels:  scanner, bugbounty
Mobilehackersweapons
Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking, happy bug-hunting
Stars: ✭ 170 (-16.26%)
Mutual labels:  scanner, bugbounty
Awesome-HTTPRequestSmuggling
A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
Stars: ✭ 97 (-52.22%)
Mutual labels:  bugbounty, request-smuggling

Request smuggler

HTTP request smuggling vulnerability scanner

Based on the amazing research by James Kettle. The tool can help find servers that may be vulnerable to HTTP request smuggling.

Archived

The tool needs a lot of improvements, and I don't have enough time to support it as I have another large project - x8. I will probably return to this project in the future.

Usage

USAGE:
    request_smuggler [OPTIONS] --url <url>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads <amount-of-payloads>    low/medium/all [default: low]
    -t, --attack-types <attack-types>
            [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: "ClTeTime" "TeClTime"]

        --file <file>
            send request from a file
            you need to explicitly pass \r\n at the end of the lines
    -H, --header <headers>                           Example: -H 'one:one' 'two:two'
    -X, --method <method>                             [default: POST]
    -u, --url <url>
    -v, --verbose <verbose>
            0 - print detected cases and errors only,
            1 - print first line of server responses
            2 - print requests [default: 0]
        --verify <verify>                            how many times verify the vulnerability [default: 2]

Installation

  • Linux

    • from releases
    • from source code (rust should be installed)
      git clone https://github.com/Sh1Yo/request_smuggler
      cd request_smuggler
      cargo build --release
    • using cargo install
      cargo install request_smuggler --version 0.1.0-alpha.2
  • Mac

    • from source code (rust should be installed)
      git clone https://github.com/Sh1Yo/request_smuggler
      cd request_smuggler
      cargo build --release
    • using cargo install
      cargo install request_smuggler --version 0.1.0-alpha.2
  • Windows

    • from releases