0.3.0
12.2 MB
MIT
strict
core22
Rust-powered HTTP Request Smuggling Scanner.
Smugglex is a security testing tool that detects HTTP Request Smuggling vulnerabilities in web applications. The tool tests for multiple attack types including CL.TE, TE.CL, TE.TE, H2C, and H2 smuggling.
HTTP Request Smuggling exploits differences in how front-end and back-end servers parse HTTP requests. When servers disagree on request boundaries, attackers can smuggle malicious requests through security controls. This leads to security issues such as firewall bypass, cache poisoning, and unauthorized access to resources.
Key Features:
- Detect multiple attack types: CL.TE, TE.CL, TE.TE, H2C, and H2
- Test 40+ variations of Transfer-Encoding header obfuscations
- Support HTTP/2 protocol-level desync detection
- Export vulnerable payloads for manual verification
- Save scan results in JSON format
- Read URLs from stdin for pipeline integration
- Configure custom headers, cookies, and virtual hosts
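The parsing disagreement described above starts with ambiguous framing headers, which a proxy or log pipeline can check for directly. The following is an added example, not Smugglex code: a defender-side audit of one raw HTTP/1.1 header block, where `audit_framing`, the `Finding` names and the sample request are all assumptions made for illustration.

```rust
// Added example: audit one raw HTTP/1.1 header block for ambiguous framing.
#[derive(Debug, PartialEq)]
enum Finding {
    BothLengthAndTransferEncoding, // precondition for CL.TE / TE.CL disagreement
    ConflictingContentLength,      // repeated Content-Length with different values
    NonCanonicalTransferEncoding(String), // anything but the single token "chunked"
    MalformedHeaderLine(String),   // no colon, folded line, or whitespace in the name
}

fn audit_framing(head: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut lengths: Vec<String> = Vec::new();
    let mut te_seen = false;
    // Skip the request line; stop at the blank line that ends the header block.
    for line in head.split("\r\n").skip(1).take_while(|l| !l.is_empty()) {
        let (name, value) = match line.split_once(':') {
            Some(pair) => pair,
            None => {
                findings.push(Finding::MalformedHeaderLine(line.to_string()));
                continue;
            }
        };
        // Parsers disagree on names like "Transfer-Encoding\t", so report them.
        if name.is_empty() || name.chars().any(|c| c.is_ascii_whitespace() || c.is_ascii_control()) {
            findings.push(Finding::MalformedHeaderLine(line.to_string()));
        }
        match name.trim().to_ascii_lowercase().as_str() {
            "content-length" => lengths.push(value.trim().to_string()),
            "transfer-encoding" => {
                te_seen = true;
                let v = value.trim_matches(|c: char| c == ' ' || c == '\t');
                // Legal codings such as "gzip, chunked" are flagged for review too.
                if !v.eq_ignore_ascii_case("chunked") {
                    findings.push(Finding::NonCanonicalTransferEncoding(v.to_string()));
                }
            }
            _ => {}
        }
    }
    lengths.sort();
    lengths.dedup();
    if lengths.len() > 1 { findings.push(Finding::ConflictingContentLength); }
    if te_seen && !lengths.is_empty() { findings.push(Finding::BothLengthAndTransferEncoding); }
    findings
}

fn main() {
    // Constructed sample request head, not captured traffic.
    let req = "POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\nTransfer-Encoding\t: chunked\r\n\r\n";
    for f in audit_framing(req) { println!("{:?}", f); }
}
```

A request that produces any finding is one where two HTTP parsers may pick different body boundaries, so rejecting or normalizing it at the front end removes the ambiguity.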
Update History
0.3.0 (1) 6 Jun 2026, 14:00 UTC
6 Jun 2026, 13:39 UTC
6 Jun 2026, 13:39 UTC
6 Jun 2026, 14:00 UTC