Blog about HTTP Request Smuggling, including a demo application.
☆32Jan 4, 2022Updated 4 years ago
Alternatives and similar repositories for http-request-smuggling
Users that are interested in http-request-smuggling are comparing it to the libraries listed below
Sorting:
- ☆29Jan 10, 2023Updated 3 years ago
- ☆22Aug 3, 2024Updated last year
- ☆11Dec 17, 2018Updated 7 years ago
- A handy plugin for copying requests/responses directly from Burp, some extra magic included.☆13Oct 15, 2021Updated 4 years ago
- Accompanying material needed for the workshop☆11Jun 14, 2023Updated 2 years ago
- ☆32Updated this week
- This a Complete tool contained box for Capture The Flag competition. Mostly I have inserted all the necessary tools. Some of the people h…☆11Apr 16, 2022Updated 3 years ago
- Summary and archive of Vatican .va (Holy See) ccTLD zone data for researchers.☆13Apr 26, 2023Updated 2 years ago
- Resources to learn about Insecure Deserialization☆17Jul 12, 2024Updated last year
- S3 Buckets that will let you list all files inside them☆14Apr 26, 2018Updated 7 years ago
- A modular URL deduplication tool.☆19Feb 19, 2025Updated last year
- ☆32May 30, 2019Updated 6 years ago
- Python exploit of cve-2020-7247☆25Feb 19, 2020Updated 6 years ago
- A simple utility to fetch freshly updated DNS resolvers☆19Feb 17, 2024Updated 2 years ago
- ☆15Feb 5, 2025Updated last year
- ☆21Sep 12, 2025Updated 5 months ago
- NodeJS script to extract assets for the Apple bug bounty program from their security acknowledgments page for bug bounty recon.☆78Nov 5, 2022Updated 3 years ago
- Automated Recon Tool Installer☆16Jun 29, 2022Updated 3 years ago
- A tool to test working urls.☆43Nov 17, 2020Updated 5 years ago
- cve-2014-0130 rails directory traversal vuln☆19May 15, 2017Updated 8 years ago
- ☆19Jun 24, 2021Updated 4 years ago
- A tool which allows HackerOne researchers to download their reports into a local, indexed, and searchable repository☆19Sep 29, 2022Updated 3 years ago
- Exploit script for the CFOR vulnerability using Github's GraphQL API☆23Aug 7, 2024Updated last year
- A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻☆124Sep 6, 2022Updated 3 years ago
- Burp Suite extension to easily export sub domains☆44Nov 29, 2019Updated 6 years ago
- All about CVE-2018-14667; From what it is to how to successfully exploit it.☆50Nov 30, 2018Updated 7 years ago
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…☆21Jan 20, 2025Updated last year
- Detects request smuggling via HTTP/2 downgrades.☆94Jul 30, 2022Updated 3 years ago
- Bug Bounty Recon Automation Script -- Scan AWS IP Range Certs for Matching FQDN☆27Sep 17, 2021Updated 4 years ago
- Feed it a list of subdomains, it will resolve them and tell you which ones are internal☆93Nov 21, 2021Updated 4 years ago
- Make exploiting race conditions in web applications highly efficient and ease-of-use.☆27Jun 18, 2025Updated 8 months ago
- recon.cloud is website that scans AWS, Azure and GCP public cloud footprint this GO tool only utilize its API for getting result to termi…☆25Feb 11, 2023Updated 3 years ago
- ☆24Jan 26, 2021Updated 5 years ago
- This tool is useful to find a particular string in a list of URLs using tesseract's OCR (Optical Character Recognition) capabilities☆31Jan 17, 2022Updated 4 years ago
- A collection of famous recon public scripts, but in bash <3☆29Mar 2, 2021Updated 5 years ago
- qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time.☆30May 6, 2020Updated 5 years ago
- ☆65Dec 9, 2021Updated 4 years ago
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security☆176Oct 26, 2024Updated last year
- Magic Header Blind Xss tool (deliver blind xss payloads in request headers).☆25May 30, 2021Updated 4 years ago