S4E

HTTP Header Command Injection Vulnerability Fuzz & Scanner

You can fuzz HTTP headers for command injection using this tool.

Short Info

Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

5 minutes

Time Interval

13 days 9 hours

Scan only one

Domain, IPv4, Subdomain

Toolbox

HTTP Header Injection vulnerabilities occur when user input is insecurely included within server responses headers.


This tool fuzz the following HTTP headers.

  1. Accept
  2. Accept-Charset
  3. Accept-Datetime
  4. Accept-Encoding
  5. Accept-Language
  6. Authorization
  7. Cache-Control
  8. Connection
  9. Content-Length
  10. Content-MD5
  11. Content-Type
  12. Cookie
  13. Date
  14. Expect
  15. Forwarded
  16. From
  17. Host
  18. If-Match
  19. If-Modified-Since
  20. If-None-Match
  21. If-Range
  22. If-Unmodified-Since
  23. Max-Forwards
  24. Origin
  25. Pragma
  26. Proxy-Authorization
  27. Range
  28. Referer
  29. TE
  30. Upgrade
  31. User-Agent
  32. Via
  33. Warning
Get started to protecting your digital assets
Start trialSee the plans