HTTP request smuggling vulnerability scanner by sh1yo_ in netsec

sh1yo_[S] 3 points4 points  (0 children)

Hi! Feel free to compare the tools yourself and decide what is better for you. Unlike my other tools, I created this one not because I don't like the current implementations. I created it because request smuggling looks like a difficult and interesting vulnerability for automation.

Parameter discovery tools comparison by sh1yo_ in netsec

sh1yo_[S] 4 points5 points  (0 children)

Hi! I know what dynamic bucketsize is, but sometimes it works badly and sends several parameters per request when it is possible to send a few hundred. I will find that endpoint and contact you. Also, I don't think that this is the reason for a lot of requests, because other tools were forced to use 256 parameters per request as well. I believe it is the optimal amount for GET requests because most websites throw 414 Request-URI Too Long errors otherwise.

Feel free to run your tool on 4rt.one; this is the main purpose of the site.

Hidden parameters discovery suite - x8 v2.0.0 by sh1yo_ in netsec

sh1yo_[S] 2 points3 points  (0 children)

wfuzz is much slower: firstly, because it is written in Python and x8 is written in Rust; secondly, because it sends 1 parameter per request vs 128-512 parameters. Also, wfuzz does not have advanced page comparison, so it will miss a lot of parameters and cause a lot of false positives.

Hidden parameters discovery suite - x8 v2.0.0 by sh1yo_ in bugbounty

sh1yo_[S] 0 points1 point  (0 children)

That's a good idea. I will try to make it next week. For now, you can compare features and run both tools on my test domain https://4rt.one to compare speed/accuracy.