{"id":13603101,"url":"https://github.com/Sh1Yo/request_smuggler","last_synced_at":"2025-04-11T13:32:44.124Z","repository":{"id":43474023,"uuid":"387511758","full_name":"Sh1Yo/request_smuggler","owner":"Sh1Yo","description":"Http request smuggling vulnerability scanner","archived":true,"fork":false,"pushed_at":"2022-08-11T08:10:22.000Z","size":33,"stargazers_count":227,"open_issues_count":2,"forks_count":30,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-10T10:11:22.760Z","etag":null,"topics":["bugbounty","request-smuggling","rust","scanner","security","web"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sh1Yo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-19T15:30:28.000Z","updated_at":"2025-03-10T13:34:53.000Z","dependencies_parsed_at":"2022-07-17T01:16:19.888Z","dependency_job_id":null,"html_url":"https://github.com/Sh1Yo/request_smuggler","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh1Yo%2Frequest_smuggler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh1Yo%2Frequest_smuggler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh1Yo%2Frequest_smuggler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh1Yo%2Frequest_smuggler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sh1Yo","download_url":"https://codeload.github.com/Sh1Yo/request_smuggler/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248409840,"owners_count":21098771,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","request-smuggling","rust","scanner","security","web"],"created_at":"2024-08-01T18:01:50.657Z","updated_at":"2025-04-11T13:32:43.778Z","avatar_url":"https://github.com/Sh1Yo.png","language":"Rust","funding_links":["https://ko-fi.com/B0B858X5E"],"categories":["Rust","bugbounty"],"sub_categories":[],"readme":"[![Twitter](https://img.shields.io/twitter/follow/sh1yo_.svg?logo=twitter)](https://twitter.com/sh1yo_)\n\n[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/B0B858X5E)\n\n![crates.io](https://img.shields.io/crates/v/request_smuggler.svg)\n![stars](https://img.shields.io/github/stars/Sh1Yo/request_smuggler)\n![crates_downloads](https://img.shields.io/crates/d/request_smuggler?logo=rust)\n![github_downloads](https://img.shields.io/github/downloads/sh1yo/request_smuggler/total?label=downloads\u0026logo=github)\n\n\u003ch1 align=\"center\"\u003eRequest smuggler\u003c/h1\u003e\n\u003ch3 align=\"center\"\u003eHttp request smuggling vulnerability scanner\u003c/h3\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=https://user-images.githubusercontent.com/54232788/126177471-151fade2-f7bb-4852-a106-59f35fe2b560.png\u003e\n\u003c/p\u003e\n\nBased on the amazing [research](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) by [James Kettle](https://twitter.com/albinowax).\nThe tool can help to find servers that may be vulnerable to request smuggling vulnerability.\n\n## Archived\nThe tool needs a lot of improvements, and I don't have enough time to support it as I have another large project - [x8](https://github.com/Sh1Yo/x8). I will probably return to this project in the future.\n\n## Usage\n\n```\nUSAGE:\n request_smuggler [OPTIONS] --url \u003curl\u003e\n\nFLAGS:\n -h, --help Prints help information\n -V, --version Prints version information\n\nOPTIONS:\n --amount-of-payloads \u003camount-of-payloads\u003e low/medium/all [default: low]\n -t, --attack-types \u003cattack-types\u003e\n [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: \"ClTeTime\" \"TeClTime\"]\n\n --file \u003cfile\u003e\n send request from a file\n you need to explicitly pass \\r\\n at the end of the lines\n -H, --header \u003cheaders\u003e Example: -H 'one:one' 'two:two'\n -X, --method \u003cmethod\u003e [default: POST]\n -u, --url \u003curl\u003e\n -v, --verbose \u003cverbose\u003e\n 0 - print detected cases and errors only,\n 1 - print first line of server responses\n 2 - print requests [default: 0]\n --verify \u003cverify\u003e how many times verify the vulnerability [default: 2]\n```\n\n## Installation\n- Linux\n - from releases\n - from source code (rust should be installed)\n ```bash\n git clone https://github.com/Sh1Yo/request_smuggler\n cd request_smuggler\n cargo build --release\n ```\n - using cargo install\n ```bash\n cargo install request_smuggler --version 0.1.0-alpha.2\n ```\n- Mac\n - from source code (rust should be installed)\n ```bash\n git clone https://github.com/Sh1Yo/request_smuggler\n cd request_smuggler\n cargo build --release\n ```\n - using cargo install\n ```bash\n cargo install request_smuggler --version 0.1.0-alpha.2\n ```\n\n- Windows\n - from releases\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSh1Yo%2Frequest_smuggler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSh1Yo%2Frequest_smuggler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSh1Yo%2Frequest_smuggler/lists"}