Request smuggler

Http request smuggling vulnerability scanner

Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability.

Usage

``` USAGE: request_smuggler [FLAGS] [OPTIONS] --url

FLAGS: --full Tries to detect the vulnerability using differential responses as well. Can disrupt other users!!! -h, --help Prints help information -V, --version Prints version information

OPTIONS: --amount-of-payloads low/medium/all (default is "low") -H, --header Example: -H 'one:one' 'two:two' -X, --method (default is "POST") -u, --url -v, --verbose 0 - print detected cases and errors only, 1 - print first line of server responses (default is 0) ```

Installation

• Linux
  • from releases
  • from source code (rust should be installed) bash git clone https://github.com/Sh1Yo/request_smuggler cd request_smuggler cargo build --release
  • using cargo install bash cargo install request_smuggler

• Mac

  • from source code (rust should be installed) bash git clone https://github.com/Sh1Yo/request_smuggler cd request_smuggler cargo build --release
  • using cargo install bash cargo install request_smuggler

• Windows

  • from releases