Kali Linux

Request_Smuggler : Http Request Smuggling Vulnerability Scanner

Request_Smuggler is a Http request smuggling vulnerability scanner. Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability.

Usage

USAGE:
request_smuggler [OPTIONS] –url
FLAGS:
-h, –help Prints help information
-V, –version Prints version information
OPTIONS:
–amount-of-payloads low/medium/all [default: low]
-t, –attack-types
[ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: “ClTeTime” “TeClTime”]
–file
send request from a file
you need to explicitly pass \r\n at the end of the lines
-H, –header Example: -H ‘one:one’ ‘two:two’
-X, –method [default: POST]
-u, –url
-v, –verbose
0 – print detected cases and errors only,
1 – print first line of server responses
2 – print requests [default: 0]
–verify how many times verify the vulnerability [default: 2]

Installation

  • Linux
    • from releases
    • from source code (rust should be installed)

git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build –release

using cargo install

cargo install request_smuggler –version 0.1.0-alpha.2

Mac

  • from source code (rust should be installed)

git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build –release

using cargo install

cargo install request_smuggler –version 0.1.0-alpha.2

  • Windows
    • from releases
R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

4 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

4 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

2 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago