2.0.0 • Published 3 years ago

@pown/smuggler v2.0.0

Weekly downloads
-
License
MIT
Repository
github
Last release
3 years ago

Follow on Twitter NPM Fury default workflow SecApps

Pown Smuggler

HTTP request splitting / smuggling tool.

Credits

This tool is part of secapps.com open-source initiative.

  ___ ___ ___   _   ___ ___  ___
 / __| __/ __| /_\ | _ \ _ \/ __|
 \__ \ _| (__ / _ \|  _/  _/\__ \
 |___/___\___/_/ \_\_| |_|  |___/
  https://secapps.com

Authors

Quickstart

This tool is meant to be used as part of Pown.js, but it can be invoked separately as an independent tool.

Install Pown first as usual:

$ npm install -g pown@latest

Install smuggler:

$ pown modules install @pown/smuggler

Invoke directly from Pown:

$ pown smuggler

Standalone Use

Install this module locally from the root of your project:

$ npm install @pown/smuggler --save

Once done, invoke pown cli:

$ POWN_ROOT=. ./node_modules/.bin/pown-cli smuggler

You can also use the global pown to invoke the tool locally:

$ POWN_ROOT=. pown smuggler

Usage

WARNING: This pown command is currently under development and as a result will be subject to breaking changes.

pown-cli smuggler [target]

HTTP request smuggling tool

Options:
  --version                                                 Show version number  [boolean]
  --help                                                    Show help  [boolean]
  --connect-timeout, -t, --timeout                          Maximum time allowed for connection  [number] [default: 30000]
  --data-timeout, -T                                        Maximum time allowed for connection  [number] [default: 30000]
  --accept-unauthorized, -k, --insecure                     Accept unauthorized TLS errors  [boolean] [default: false]
  --connect-concurrency, -c                                 The number of connections to open at the same time  [number] [default: Infinity]
  --filter-response-code, --response-code, --filter-status  Filter responses with code  [string] [default: ""]
  --content-sniff-size, --content-sniff, --sniff-size       Specify the size of the content sniff  [number] [default: 5]
  --print-response-body, --print-body                       Print response body  [boolean] [default: false]
  --download-response-body, --download-body                 Download response body  [boolean] [default: false]
  --task-concurrency, -C                                    The number of smuggler tasks to run at the same time  [number] [default: Infinity]
  --header, -H                                              Custom header  [string]
  --data, -d                                                Data to send  [string]
  --json-data, -D                                           Data to send (json encoded string)  [string]
  --smuggled-method                                         HTTP method used for smuggled request  [string] [default: "GET"]
  --smuggled-host                                           HTTP host used for smuggled request  [string] [default: ""]
  --smuggled-path                                           HTTP path used for smuggled request  [string] [default: "/"]
  --smuggled-header                                         HTTP header used for smuggled request  [string] [default: "X-Ignore: X"]
  --smuggled-data                                           HTTP data used for smuggled request  [string]
  --smuggled-json-data                                      HTTP data used for smuggled request (json encoded string)  [string]
exploitframework
@pown/connect
@infinitebrahmanuniverse/nolb-_pow@everything-registry/sub-chunk-734
2.0.0

3 years ago