diff --git a/README.md b/README.md index 82c14c4..595b05f 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,10 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin | Scanner/RECON | [megplus](https://github.com/EdOverflow/megplus) | Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] | ![](https://img.shields.io/github/stars/EdOverflow/megplus) | ![](https://img.shields.io/github/languages/top/EdOverflow/megplus) | | Scanner/S3 | [AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump) | Security Tool to Look For Interesting Files in S3 Buckets | ![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump) | ![](https://img.shields.io/github/languages/top/jordanpotti/AWSBucketDump) | | Scanner/S3 | [S3Scanner](https://github.com/sa7mon/S3Scanner) | Scan for open AWS S3 buckets and dump the contents | ![](https://img.shields.io/github/stars/sa7mon/S3Scanner) | ![](https://img.shields.io/github/languages/top/sa7mon/S3Scanner) | +| Scanner/SMUGGLE | [HRS](https://github.com/SafeBreach-Labs/HRS) | HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. | ![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS) | ![](https://img.shields.io/github/languages/top/SafeBreach-Labs/HRS) | | Scanner/SMUGGLE | [h2csmuggler](https://github.com/BishopFox/h2csmuggler) | HTTP Request Smuggling over HTTP/2 Cleartext (h2c) | ![](https://img.shields.io/github/stars/BishopFox/h2csmuggler) | ![](https://img.shields.io/github/languages/top/BishopFox/h2csmuggler) | +| Scanner/SMUGGLE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | This extension should not be confused with Burp Suite HTTP Smuggler, which uses similar techniques but is focused exclusively bypassing WAFs. | ![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) | ![](https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) | +| Scanner/SMUGGLE | [http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling) | HTTP Request Smuggling Detection Tool | ![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling) | ![](https://img.shields.io/github/languages/top/anshumanpattnaik/http-request-smuggling) | | Scanner/SMUGGLE | [http2smugl](https://github.com/neex/http2smugl) | This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. | ![](https://img.shields.io/github/stars/neex/http2smugl) | ![](https://img.shields.io/github/languages/top/neex/http2smugl) | | Scanner/SMUGGLE | [smuggler](https://github.com/defparam/smuggler) | Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 | ![](https://img.shields.io/github/stars/defparam/smuggler) | ![](https://img.shields.io/github/languages/top/defparam/smuggler) | | Scanner/SMUGGLE | [websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler) | websocket-connection-smuggler | ![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) | ![](https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) | diff --git a/data.json b/data.json index 96e2d27..1cbcc2a 100644 --- a/data.json +++ b/data.json @@ -431,6 +431,22 @@ "Windows": "cd GraphQLmap; git pull -v ; pip install -r requirements.txt" } }, + "HRS": { + "Type": "Scanner", + "Data": "| Scanner/SMUGGLE | [HRS](https://github.com/SafeBreach-Labs/HRS) | HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. | ![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS) | ![](https://img.shields.io/github/languages/top/SafeBreach-Labs/HRS) |", + "Method": "SMUGGLE", + "Description": "HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.", + "Install": { + "Linux": "", + "MacOS": "", + "Windows": "" + }, + "Update": { + "Linux": "", + "MacOS": "", + "Windows": "" + } + }, "HydraRecon": { "Data": "| Discovery/ALL | [HydraRecon](https://github.com/aufzayed/HydraRecon) | All In One, Fast, Easy Recon Tool | ![](https://img.shields.io/github/stars/aufzayed/HydraRecon) | ![](https://img.shields.io/github/languages/top/aufzayed/HydraRecon) |", "Description": "All In One, Fast, Easy Recon Tool", @@ -2079,16 +2095,48 @@ "Windows": "go get github.com/htcat/htcat/cmd/htcat" } }, - "http2smugl": { - "Type": "Scanner", - "Data": "| Scanner/SMUGGLE | [http2smugl](https://github.com/neex/http2smugl) | This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -\u003e HTTP/1.1 conversion by the frontend server. | ![](https://img.shields.io/github/stars/neex/http2smugl) | ![](https://img.shields.io/github/languages/top/neex/http2smugl) |", + "http-request-smuggler": { + "Data": "| Scanner/SMUGGLE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | This extension should not be confused with Burp Suite HTTP Smuggler, which uses similar techniques but is focused exclusively bypassing WAFs. | ![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) | ![](https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) |", + "Description": "This extension should not be confused with Burp Suite HTTP Smuggler, which uses similar techniques but is focused exclusively bypassing WAFs.", + "Install": { + "Linux": "", + "MacOS": "", + "Windows": "" + }, "Method": "SMUGGLE", + "Type": "Scanner", + "Update": { + "Linux": "", + "MacOS": "", + "Windows": "" + } + }, + "http-request-smuggling": { + "Data": "| Scanner/SMUGGLE | [http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling) | HTTP Request Smuggling Detection Tool | ![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling) | ![](https://img.shields.io/github/languages/top/anshumanpattnaik/http-request-smuggling) |", + "Description": "HTTP Request Smuggling Detection Tool", + "Install": { + "Linux": "", + "MacOS": "", + "Windows": "" + }, + "Method": "SMUGGLE", + "Type": "Scanner", + "Update": { + "Linux": "", + "MacOS": "", + "Windows": "" + } + }, + "http2smugl": { + "Data": "| Scanner/SMUGGLE | [http2smugl](https://github.com/neex/http2smugl) | This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -\u003e HTTP/1.1 conversion by the frontend server. | ![](https://img.shields.io/github/stars/neex/http2smugl) | ![](https://img.shields.io/github/languages/top/neex/http2smugl) |", "Description": "This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -\u003e HTTP/1.1 conversion by the frontend server.", "Install": { "Linux": "", "MacOS": "", "Windows": "" }, + "Method": "SMUGGLE", + "Type": "Scanner", "Update": { "Linux": "", "MacOS": "",