The Host Header Vulnerability Scanner is a command-line tool designed to detect potential Host Header Injection vulnerabilities in web applications. It sends requests carrying a custom Host header value and observes how the application responds; where the supplied value influences the response, the tool reports a possible security risk, helping you harden the application against such attacks.
To use the Host Header Vulnerability Scanner, follow the instructions below:
Usage: script.sh <options> <arguments>
Options:
- -l : input file containing the URLs to test
- -d : domain to test
The -l option specifies an input file containing a list of URLs to test for Host Header Injection vulnerabilities. The -d option specifies a single domain to scan, so that you can run a targeted scan against one domain.
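To make the check concrete, here is an added example (not the project's script, which drives curl, httpx and Subfinder) that implements the same idea in Python against two throwaway local servers: one that copies an unvalidated Host header into a redirect, and a hardened one that rejects any Host outside an allowlist. The hostnames `app.example.test` and `canary.example.test` are constructed values for the demonstration.

```python
import http.server
import threading
import urllib.error
import urllib.request

ALLOWED_HOSTS = {"app.example.test"}  # assumed canonical hostname(s) of the application
CANARY = "canary.example.test"        # constructed marker value sent in the Host header


class ReflectingHandler(http.server.BaseHTTPRequestHandler):
    """Vulnerable behaviour: the unvalidated Host header is copied into a redirect."""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", f"https://{self.headers.get('Host', '')}/login")
        self.end_headers()

    def log_message(self, *args):  # keep the local test servers quiet
        pass


class ValidatingHandler(ReflectingHandler):
    """Hardened behaviour: a Host outside the allowlist is rejected before any use."""
    def do_GET(self):
        if self.headers.get("Host", "") not in ALLOWED_HOSTS:
            self.send_response(400)
            self.end_headers()
            return
        super().do_GET()


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):  # hand back the 3xx instead of following it
        return None


def serve(handler):
    """Start a throwaway local server for the given handler; returns its base URL."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}/"


def reflects_host(url, canary=CANARY):
    """True if the canary Host value is echoed in the response headers or body."""
    req = urllib.request.Request(url, headers={"Host": canary})
    try:
        resp = urllib.request.build_opener(NoRedirect).open(req, timeout=5)
    except urllib.error.HTTPError as err:  # 3xx/4xx responses are delivered here
        resp = err
    header_text = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    return canary in header_text or canary in resp.read().decode(errors="replace")
```

The vulnerable server echoes the canary in its Location header, while the hardened one answers 400 and never reuses the value; a reflection on a real deployment is the signal this scanner looks for, and the allowlist is the fix.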
- Automated scanning for host header injection vulnerabilities
- Supports input file with multiple URLs for batch scanning
- Specify a domain to test all of its subdomains
- Clone the repository:
git clone https://github.com/hemantsolo/Host-Header-Injection-Vulnerability-Scanner.git
- Change into the project directory:
cd Host-Header-Injection-Vulnerability-Scanner
- Make the script executable:
chmod +x script.sh
- Run the scanner with one of the following commands:
bash script.sh -l list.txt
or
bash script.sh -d example.com
- https://portswigger.net/web-security/host-header
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions to the Host Header Vulnerability Scanner are welcome! If you find any issues or have suggestions for improvements, feel free to open an issue or submit a pull request.
I would like to express my gratitude to the open-source community for their continuous support and contributions. Special thanks to the creators and maintainers of Subfinder, httpx, and curl for their amazing tools.
For any inquiries or suggestions, please feel free to get in touch at solohemant@gmail.com or https://www.linkedin.com/in/hemantsolo.
The Host Header Vulnerability Scanner is provided for educational and informational purposes only. The developers are not responsible for any misuse or illegal activities conducted with this tool. Use it responsibly and with proper authorization.
Please note that scanning web applications without proper authorization is illegal and unethical. Always obtain proper authorization before scanning any target.