BishopFox/h2csmuggler

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BishopFox/h2csmuggler)

BishopFox / h2csmuggler

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

☆782

Alternatives and similar repositories for h2csmuggler

Users that are interested in h2csmuggler are comparing it to the libraries listed below

Sorting:

neex / http2smugl
View on GitHub
☆562Mar 27, 2025Updated 11 months ago
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,062Jan 2, 2024Updated 2 years ago
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,589Jan 27, 2024Updated 2 years ago
0ang3el / websocket-smuggle
View on GitHub
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
☆391Aug 15, 2024Updated last year
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆953Dec 31, 2021Updated 4 years ago
assetnote / h2csmuggler
View on GitHub
☆75Feb 11, 2024Updated 2 years ago
jmdx / TLS-poison
View on GitHub
☆705Nov 27, 2024Updated last year
filedescriptor / untrusted-types
View on GitHub
☆695Jul 4, 2022Updated 3 years ago
msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆522Sep 17, 2022Updated 3 years ago
ZeddYu / HTTP-Smuggling-Lab
View on GitHub
Use HTTP Smuggling Lab to learn HTTP Smuggling.
☆346Nov 20, 2022Updated 3 years ago
anshumanpattnaik / http-request-smuggling
View on GitHub
HTTP Request Smuggling Detection Tool
☆535Dec 21, 2023Updated 2 years ago
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆612Mar 4, 2021Updated 5 years ago
PortSwigger / http-request-smuggler
View on GitHub
☆1,187Jan 21, 2026Updated last month
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,482Oct 12, 2024Updated last year
tarunkant / Gopherus
View on GitHub
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
☆3,302Apr 18, 2023Updated 2 years ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,167May 26, 2023Updated 2 years ago
BishopFox / rmiscout
View on GitHub
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
☆447Sep 7, 2022Updated 3 years ago
devanshbatham / FavFreak
View on GitHub
Making Favicon.ico based Recon Great again !
☆1,268Aug 29, 2023Updated 2 years ago
GrrrDog / weird_proxies
View on GitHub
Reverse proxies cheatsheet
☆1,855Nov 4, 2023Updated 2 years ago
1ndianl33t / Gf-Patterns
View on GitHub
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
☆1,401Sep 13, 2024Updated last year
assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,106Apr 29, 2024Updated last year
Hackmanit / Web-Cache-Vulnerability-Scanner
View on GitHub
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…
☆1,153Jan 21, 2026Updated last month
visma-prodsec / confused
View on GitHub
Tool to check for dependency confusion vulnerabilities in multiple package management systems
☆778Aug 19, 2024Updated last year
fransr / postMessage-tracker
View on GitHub
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆1,293Jan 26, 2024Updated 2 years ago
httpvoid / writeups
View on GitHub
☆1,200Sep 2, 2022Updated 3 years ago
swisskyrepo / SSRFmap
View on GitHub
Automatic SSRF fuzzer and exploitation tool
☆3,489Sep 4, 2025Updated 6 months ago
swisskyrepo / GraphQLmap
View on GitHub
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
☆1,631Mar 11, 2024Updated last year
defparam / tiscripts
View on GitHub
Turbo Intruder Scripts
☆228Jun 11, 2020Updated 5 years ago
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆649Feb 21, 2024Updated 2 years ago
yeswehack / PwnFox
View on GitHub
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
☆1,292Aug 7, 2024Updated last year
doyensec / inql
View on GitHub
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
☆1,737Feb 16, 2026Updated 2 weeks ago
hahwul / ws-smuggler
View on GitHub
WebSocket Connection Smuggler
☆47Sep 30, 2022Updated 3 years ago
s0md3v / uro
View on GitHub
declutters url lists for crawling/pentesting
☆1,531Feb 23, 2025Updated last year
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆656Jun 29, 2025Updated 8 months ago
irsdl / IIS-ShortName-Scanner
View on GitHub
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
☆1,632Sep 3, 2023Updated 2 years ago
zigoo0 / JSONBee
View on GitHub
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
☆750May 6, 2024Updated last year
jaeles-project / jaeles
View on GitHub
The Swiss Army knife for automated Web Application Testing
☆2,323May 8, 2024Updated last year
ayoubfathi / leaky-paths
View on GitHub
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
☆1,024Feb 22, 2026Updated last week
epinna / tplmap
View on GitHub
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
☆4,123Apr 21, 2024Updated last year