
Request smuggler
HTTP request smuggling vulnerability scanner
Based on the amazing research by James Kettle. The tool helps find servers that may be vulnerable to HTTP request smuggling.
Installation
- Linux
  - from releases
  - from source code (Rust should be installed)
      git clone https://github.com/Sh1Yo/request_smuggler
      cd request_smuggler
      cargo build --release
- Mac
  - from source code (Rust should be installed)
      git clone https://github.com/Sh1Yo/request_smuggler
      cd request_smuggler
      cargo build --release
- Windows
  - from releases
Usage
USAGE:
    request_smuggler [OPTIONS] --url

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads    low/medium/all [default: low]
    -t, --attack-types          [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime]
                                [default: "ClTeTime" "TeClTime"]
        --file                  send request from a file
                                you need to explicitly pass \r\n at the end of the lines
    -H, --header                Example: -H 'one:one' 'two:two'
    -X, --method                [default: POST]
    -u, --url
    -v, --verbose               0 - print detected cases and errors only,
                                1 - print first line of server responses
                                2 - print requests [default: 0]
        --verify                how many times verify the vulnerability [default: 2]