request_smuggler 0.1.0-alpha.1

HTTP request smuggling vulnerability scanner

Based on the amazing research by James Kettle. The tool helps find servers that may be vulnerable to HTTP request smuggling.

Usage

USAGE:
    request_smuggler [FLAGS] [OPTIONS] --url <url>

FLAGS:
        --full       Tries to detect the vulnerability using differential responses as well.
                     Can disrupt other users!!!
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads <amount-of-payloads>    low/medium/all (default is "low")
    -H, --header <headers>                           Example: -H 'one:one' 'two:two'
    -X, --method <method>                            (default is "POST")
    -u, --url <url>
    -v, --verbose <verbose>
            0 - print detected cases and errors only, 1 - print first line of server responses (default is 0)

Installation

  • Linux

    • from releases
    • from source code (Rust should be installed)
      git clone https://github.com/Sh1Yo/request_smuggler
      cd request_smuggler
      cargo build --release
      
    • using cargo install
      cargo install request_smuggler
      
  • Mac

    • from source code (Rust should be installed)
      git clone https://github.com/Sh1Yo/request_smuggler
      cd request_smuggler
      cargo build --release
      
    • using cargo install
      cargo install request_smuggler
      
  • Windows

    • from releases