
Feroxbuster vs Smuggler

GitHub Stats

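Stars: Feroxbuster 7.6k, Smuggler 2.1k
Forks: Feroxbuster 610, Smuggler 329
Issues: Feroxbuster 42, Smuggler 18
Updated: Feroxbuster 1mo ago, Smuggler 2y ago
License: Feroxbuster MIT, Smuggler MIT
Language: Feroxbuster Rust, Smuggler Python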

About Feroxbuster

Feroxbuster is a tool designed to perform forced browsing (directory/file enumeration) and content discovery. It is built in Rust for maximum performance and includes features like automatic recursion, wildcard filtering, output file support, and resume capability. Unlike other brute-forcers, feroxbuster automatically discovers and recurses into new directories as it finds them, building a complete picture of the target's file structure.

About Smuggler

Smuggler is an HTTP request smuggling / desync testing tool written in Python. It tests for vulnerabilities where a front-end server and back-end server disagree on how to parse HTTP requests, specifically around Content-Length and Transfer-Encoding header handling. This disagreement can allow an attacker to 'smuggle' a second request inside the first, potentially bypassing security controls, poisoning web caches, hijacking other users' requests, or accessing internal endpoints. Smuggler tests for CL.TE (Content-Length / Transfer-Encoding), TE.CL (Transfer-Encoding / Content-Length), and TE.TE (Transfer-Encoding / Transfer-Encoding with obfuscation) variants. It sends carefully crafted requests and analyzes timing differences and response behavior to detect desync conditions. The tool is essential for testing modern web architectures that use reverse proxies, CDNs, and load balancers.

Platform Support

Feroxbuster: 🐧 linux, 🍎 macos, 🪟 windows
Smuggler: 🐧 linux, 🍎 macos, 🪟 windows

Tags

Feroxbuster only

directory-brute, recursive, rust, fast

Smuggler only

request-smuggling, desync, http, proxy, cache-poisoning