Http request smuggling vulnerability scanner

Related tags

Security tools request_smuggler
Overview

Twitter

Request smuggler

Http request smuggling vulnerability scanner

Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability.

Usage

Example: -H 'one:one' 'two:two' -X, --method (default is "POST") -u, --url -v, --verbose 0 - print detected cases and errors only, 1 - print first line of server responses (default is 0) "> 
USAGE:
    request_smuggler [FLAGS] [OPTIONS] --url 

FLAGS:
        --full       Tries to detect the vulnerability using differential responses as well.
                     Can disrupt other users!!!
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads     low/medium/all (default is "low")
    -H, --header                            Example: -H 'one:one' 'two:two'
    -X, --method                             (default is "POST")
    -u, --url 
    -v, --verbose 
            0 - print detected cases and errors only, 1 - print first line of server responses (default is 0)

Installation

  • Linux

    • from releases
    • from source code (rust should be installed) 
      git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build --release
    • using cargo install 
      cargo install request_smuggler --version 0.1.0-alpha.1

  • Mac

    • from source code (rust should be installed) 
      git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build --release
    • using cargo install 
      cargo install request_smuggler --version 0.1.0-alpha.1

  • Windows

    • from releases
You might also like...
Automated attack surface mapper and vulnerability scanner

Phaser Automated attack surface mapper and vulnerability scanner What is this? Phaser is a high-performance and automated attack surface mapper and vu

Sylvain Kerkour 74 Dec 16, 2022
python dependency vulnerability scanner, written in Rust.
python dependency vulnerability scanner, written in Rust.

🐍 Pyscan A dependency vulnerability scanner for your python projects, straight from the terminal. πŸš€ blazingly fast scanner that can be used within l

Aswin. 80 Jun 4, 2023
RustVulnsScan is a powerful system vulnerability scanner written in Rust
RustVulnsScan is a powerful system vulnerability scanner written in Rust

RustVulnsScan is a powerful system vulnerability scanner written in Rust. It allows you to perform comprehensive scans of your system to identify potential vulnerabilities and security risks.

null 2 Jul 2, 2023
An experimental HTTP server in Rust that supports HTTP/1.1, HTTP/2, and HTTP/3 over QUIC.

πŸš€ H123 An experimental HTTP server in Rust that supports HTTP/1.1, HTTP/2, and HTTP/3 over QUIC. Warning This is an experimental project and not inte

Naoki Ikeguchi 7 Dec 15, 2022
HTTP request logger

nosy - HTTP request logger How hard can it be to build your own HTTP request logger in Rust? Well, not that easy if you've never written a webapp in R

Manuel Hutter 1 Nov 26, 2021
HTTP microservice using Axum and Reqwest to request the Google Translate TTS endpoint without rate limits

HTTP microservice using Axum and Reqwest to request the Google Translate TTS endpoint without rate limits

Gnome! 5 Oct 5, 2022
A blazingly fast HTTP client with a magnificent request building syntax, made for humans.
A blazingly fast HTTP client with a magnificent request building syntax, made for humans.

πŸ”— glue Make requests, select JSON responses, nest them in other requests: A magnificent syntax for blazingly fast cli HTTP calls, made for humans. Ta

Michele Esposito 4 Dec 7, 2022
Command-line HTTP client for sending a POST request to specified URI on each stdin line.

line2httppost Simple tool to read lines from stdin and post each line as separate POST request to a specified URL (TCP connection is reused though). G

Vitaly Shukela 3 Jan 3, 2023
HTTP client/libcurl TUI front end in Rust, with request + key storage
HTTP client/libcurl TUI front end in Rust, with request + key storage

Rust TUI HTTP Client with API Key Management This project is still in active development and although it is useable, there may still be bugs and signi

Preston Thorpe 23 Nov 9, 2023
serde support for http crate types Request, Response, Uri, StatusCode, HeaderMap

serde extensions for the http crate types Allows serializing and deserializing the following types from http: Response Request HeaderMap StatusCode Ur

Andrew Toth 3 Nov 1, 2023
A more modern http framework benchmarker supporting HTTP/1 and HTTP/2 benchmarks.

rewrk A more modern http framework benchmark utility.

Harrison Burt 273 Dec 27, 2022
A fast tool to scan prototype pollution vulnerability written in Rust. πŸ¦€
A fast tool to scan prototype pollution vulnerability written in Rust. πŸ¦€

ppfuzz Prototype Pollution Fuzzer A fast tool to scan prototype pollution vulnerability written in Rust. πŸ¦€ Installation Binary Source Dependencies Us

Dwi Siswanto 410 Dec 27, 2022
Common vulnerability scanning on steroids β˜„οΈ

Hogg 🐽 An experimental passive website scanner. Hogg acts as a proxy between you and your DNS server and scans every website you visit for common vul

Yallxe 13 Jan 8, 2023
πŸ’” Heartbleed vulnerability exploit written in Rust

Heartbleed πŸ’” Heartbleed vulnerability exploit written in Rust What is it Heartbleed is a buffer over-read vulnerability in outdated versions of OpenS

Gianmatteo Palmieri 4 May 23, 2023
πŸ€– The Modern Port Scanner πŸ€–
πŸ€– The Modern Port Scanner πŸ€–

➑️ Discord | Installation Guide | Usage Guide ⬅️ The Modern Port Scanner. Fast, smart, effective. πŸ‹ Docker (Recommended) πŸ‘©β€πŸ’» Kali / Debian πŸ—οΈ Arch

null 8.8k Jan 8, 2023
A simple scanner that loops through ips and checks if a minecraft server is running on port 25565

scanolotl Scanolotl is a simple scanner that loops through ips and checks if a minecraft server is running on port 25565. Scanolotl can also preform a

JustFr33z 3 Jul 28, 2022
A high performance TCP SYN port scanner.

Armada A High-Performance TCP SYN scanner What is Armada? Armada is a high performance TCP SYN scanner. This is equivalent to the type of scanning tha

resync 259 Dec 19, 2022
simple multi-threaded port scanner written in rust
simple multi-threaded port scanner written in rust

knockson simple multi-threaded port scanner written in rust Install Using AUR https://aur.archlinux.org/packages/knockson-bin/ yay -Syu knockson-bin M

Josh MΓΌnte 4 Oct 5, 2022
A simple port scanner built using rust-lang

A simple port scanner built using rust-lang

Krisna Pranav 1 Nov 6, 2021
Comments
  • This Issue

    This Issue

    warning: build failed, waiting for other jobs to finish... error: failed to compile request_smuggler v0.1.0-alpha.1, intermediate artifacts can be found at /tmp/cargo-installgMlo6q

    Caused by: build failed

    opened by Fawadkhanfk 2
  • HTTP request smuggling payload variants

    HTTP request smuggling payload variants

    Evan Custodio 's smuggler, https://github.com/defparam/smuggler, has variants. Please add them to your project. Your tool is very useful for creating PoCs for bug bounties and for that, I am very grateful.

    enhancement 
    opened by Arqib 2
Owner
null
GitHub
Automated attack surface mapper and vulnerability scanner

Phaser Automated attack surface mapper and vulnerability scanner What is this? Phaser is a high-performance and automated attack surface mapper and vu

Sylvain Kerkour 74 Dec 16, 2022
πŸ’” Heartbleed vulnerability exploit written in Rust

Heartbleed ?? Heartbleed vulnerability exploit written in Rust What is it Heartbleed is a buffer over-read vulnerability in outdated versions of OpenS

Gianmatteo Palmieri 4 May 23, 2023
πŸ€– The Modern Port Scanner πŸ€–

➑️ Discord | Installation Guide | Usage Guide ⬅️ The Modern Port Scanner. Fast, smart, effective. ?? Docker (Recommended) ??‍?? Kali / Debian ??️ Arch

null 8.8k Jan 8, 2023
A simple scanner that loops through ips and checks if a minecraft server is running on port 25565

scanolotl Scanolotl is a simple scanner that loops through ips and checks if a minecraft server is running on port 25565. Scanolotl can also preform a

JustFr33z 3 Jul 28, 2022
simple multi-threaded port scanner written in rust

knockson simple multi-threaded port scanner written in rust Install Using AUR https://aur.archlinux.org/packages/knockson-bin/ yay -Syu knockson-bin M

Josh MΓΌnte 4 Oct 5, 2022
A simple port scanner built using rust-lang

A simple port scanner built using rust-lang

Krisna Pranav 1 Nov 6, 2021
Dangerously fast dns/network/port scanner, all-in-one

Skanuvaty Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains f

CCCC 701 Dec 31, 2022
A simple port sniffer(scanner) implementation with πŸ¦€

A simple port sniffer(scanner) implementation with ?? Install from crates.io crago install ports-sniffer From aur: yay -S ports-sniffer Arguments Argu

Anas Elgarhy 8 Oct 10, 2022
Lightweight slowloris (HTTP DoS) implementation in Rust.

slowlorust Lightweight slowloris (HTTP DoS) implementation in Rust. Slowloris is a denial-of-service attack program which allows an attacker to overwh

Michael Van Leeuwen 6 Sep 29, 2022
Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data sources

Kepler β€” Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data so

Exein.io 101 Nov 12, 2022