用于模糊http/1.1 CL.0 请求走私攻击向量的项目
安装:
git clone https://github.com/Moopinger/CLZero.git
cd CLZero
pip3 install -r requirements.txt
如何使用:
usage: clzero.py [-h] [-url URL] [-file FILE] [-index INDEX] [-verbose] [-no-color]
[-resume] [-skipread] [-quiet] [-lb] [-config CONFIG] [-method METHOD]
CLZero by Moopinger - Thanks: Smuggler - @Defparam. @Albinowax. D3d - @deadvolvo
options:
-h, --help show this help message and exit
-url URL (-u), Single target URL.
-file FILE (-f), Files containing multiple targets.
-index INDEX (-i), Index start point when using a file list.
-verbose (-v), Enable verbose output.
-no-color Disable colors in HTTP Status
-resume Resume scan from last index place.
-skipread Skip the read response on smuggle requests, recommended. This will save a
lot of time between requests. Ideal for targets with standard HTTP
traffic.
-quiet (-q), Disable output. Only successful payloads will be written to
./payloads/
-lb Last byte sync method for least request latency. Due to the nature of the
request, it cannot guarantee that the smuggle request will be processed
first. Ideal for targets with a high amount of traffic, and you do not
mind sending multiple requests.
-config CONFIG (-c) Config file to load, see ./configs/ to create custom payloads
-method METHOD (-m) Method to use when sending the smuggle request. Default: POST
遇到的问题:
这是由于root权限下用户执行pip。这个做法可能会导致权限问题和系统管理器的冲突。
那么如何解决呢———
我们首先需要查找到pip存放的位置
find / -name pip-*
安装一下python3.10-venv
然后切换到你这个项目的文件位置下打开终端
执行下方命令
创建一个venv的虚拟环境:
python -m venv venv
激活一下虚拟环境:
sourc venv/bin/activate
现在看一下终端提示符是否变化,如果变化则你处于这个环境内—
然后就可以在虚拟环境中执行pip命令了
完成后我们需要用一下命令来退出虚拟环境:
deactivate
就这样完美解决了