Request Smuggler – HTTP Request Smuggling Vulnerability Scanner

Request smuggler

HTTP request smuggling vulnerability scanner

Based on the amazing research by James Kettle. The tool helps find servers that may be vulnerable to HTTP request smuggling.

Installation

  • Linux
    • from releases
    • from source code (Rust must be installed)
      git clone https://github.com/Sh1Yo/request_smuggler
      cd request_smuggler
      cargo build --release

  • Mac
    • from source code (Rust must be installed)
      git clone https://github.com/Sh1Yo/request_smuggler
      cd request_smuggler
      cargo build --release

  • Windows
    • from releases

Usage

USAGE:
    request_smuggler [OPTIONS] --url 

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads     low/medium/all [default: low]
    -t, --attack-types 
            [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: "ClTeTime" "TeClTime"]

        --file 
            send request from a file
            you need to explicitly pass \r\n at the end of the lines
    -H, --header                            Example: -H 'one:one' 'two:two'
    -X, --method                              [default: POST]
    -u, --url 
    -v, --verbose 
            0 - print detected cases and errors only,
            1 - print first line of server responses
            2 - print requests [default: 0]
        --verify                             how many times verify the vulnerability [default: 2]

