A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
☆124 · Sep 6, 2022 · Updated 3 years ago
Alternatives and similar repositories for Awesome-HTTPRequestSmuggling
Users that are interested in Awesome-HTTPRequestSmuggling are comparing it to the libraries listed below
- ☆17 · May 10, 2021 · Updated 4 years ago
- Basic XSS Scanner ☆11 · Jan 21, 2021 · Updated 5 years ago
- ☆38 · Aug 27, 2022 · Updated 3 years ago
- Removes duplicate entries from a file, resulting in only unique parameter combinations. Useful for parsing waybackurls and making recon m… ☆11 · May 31, 2020 · Updated 5 years ago
- ☆27 · Jun 7, 2022 · Updated 3 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling. ☆346 · Nov 20, 2022 · Updated 3 years ago
- ☆12 · Oct 2, 2022 · Updated 3 years ago
- ☆562 · Mar 27, 2025 · Updated 11 months ago
- Detects request smuggling via HTTP/2 downgrades. ☆94 · Jul 30, 2022 · Updated 3 years ago
- HTTP Request Smuggling Detection Tool ☆535 · Dec 21, 2023 · Updated 2 years ago
- all manner of wordlists ☆24 · Jan 19, 2022 · Updated 4 years ago
- Subdomain takeover scanner using Python asyncio ☆18 · Oct 24, 2022 · Updated 3 years ago
- qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time. ☆30 · May 6, 2020 · Updated 5 years ago
- Techniques / Tips and tricks for finding sensitive data exposures in Github for Penetration Testers / Bug Bounty Hunters ☆17 · Aug 1, 2020 · Updated 5 years ago
- Random utilities from my security projects that might be useful to others ☆183 · Jan 26, 2025 · Updated last year
- A tool to find redirection chains in multiple URLs ☆78 · Jan 1, 2025 · Updated last year
- Capture all RabbitMQ messages being sent through a broker. ☆32 · Feb 13, 2021 · Updated 5 years ago
- ☆11 · Dec 25, 2020 · Updated 5 years ago
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security ☆175 · Oct 26, 2024 · Updated last year
- All The Notes And Tips I Found In Github And Twitter I Put Them Here ☆35 · Aug 31, 2020 · Updated 5 years ago
- ☆32 · May 9, 2021 · Updated 4 years ago
- Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database ☆108 · Jan 26, 2020 · Updated 6 years ago
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c) ☆782 · May 10, 2022 · Updated 3 years ago
- Default plugins for Jaeles Scanner ☆35 · Nov 5, 2020 · Updated 5 years ago
- A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it us… ☆62 · Oct 25, 2020 · Updated 5 years ago
- Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei. ☆134 · Jul 11, 2021 · Updated 4 years ago
- ☆10 · Apr 6, 2024 · Updated last year
- ☆71 · Nov 8, 2021 · Updated 4 years ago
- Scraping creds using Github API and truffleHog ☆11 · Dec 13, 2023 · Updated 2 years ago
- Bug Bounty tool to automate the recon process. ☆12 · Oct 4, 2023 · Updated 2 years ago
- Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use. ☆13 · Aug 4, 2025 · Updated 7 months ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 ☆2,062 · Jan 2, 2024 · Updated 2 years ago
- ☆95 · Sep 18, 2021 · Updated 4 years ago
- Blog about HTTP Request Smuggling, including a demo application. ☆32 · Jan 4, 2022 · Updated 4 years ago
- a benchmarking & stressing tool that can send raw HTTP requests ☆165 · Sep 24, 2022 · Updated 3 years ago
- Guide to SSRF ☆74 · Oct 10, 2023 · Updated 2 years ago
- ZAP/Burp plugin that generates a script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks) ☆30 · Dec 16, 2021 · Updated 4 years ago
- ☆33 · Oct 29, 2020 · Updated 5 years ago
- WaybackRust is a tool written in Rust to query the WaybackMachine. ☆14 · Jul 18, 2025 · Updated 7 months ago