Skip to content
/ cmd-inject-header Public

Simple tool to check command injection in headers of http request

19 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tranquac/cmd-inject-header

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
core
core
 
 
image
image
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
headers_all.txt
headers_all.txt
 
 
headers_common.txt
headers_common.txt
 
 
main.go
main.go
 
 
payloads.txt
payloads.txt
 
 
urls.txt
urls.txt
 
 

Repository files navigation

cmd-inject-header

A simple tool to check command injection in headers of http request, faster with goroutines

Designed to make easy check command injection in headers for bug hunter, pentester, red team-er

Inspired by

https://twitter.com/p3n73st3r/status/1556645395928866818

https://raw.githubusercontent.com/tranquac/cmd-inject-header/master/image/insprired.png

Usage

Usage of cmd-inject-header:
  -hd string
        Path to list header file
  -it string
        Your interact server to check the interaction (dnslog.cn/burp collabarator/interact.sh...)
  -pl string
        Path to list payload file
  -se
        If you want send request for status code 4xx/5xx
  -ur string
        Path to list url file (URL have / in the end: http://example.com/)

Usage : go run . -hd headers_common.txt -pl payloads.txt -ur urls.txt -it xxx.burpcollaborator.net

Usage : go run . -hd headers_common.txt -pl payloads.txt -ur urls.txt -it xxx.burpcollaborator.net -se=true

(To send request for status code 4xx/5xx. Sometime app only vuln with this status code!)

About

Simple tool to check command injection in headers of http request

Resources

Readme
Activity

Stars

19 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages