Request Smuggling Scanner · Rust

SmuggleX

A Rust-powered HTTP request smuggling scanner. Detects CL.TE, TE.CL, TE.TE, H2C and H2 desync with clean JSON output and proper exit codes for CI.

Rust · MIT license
5 smuggling classes · Structured JSON output · 115+ GitHub stars · CI exit codes

Capabilities

Desync detection, built for pipelines

Five smuggling classes, raw-request replay and machine-readable output with exit codes designed to gate a build.

Five desync classes

Tests CL.TE, TE.CL, TE.TE, H2C and H2 request smuggling.

Raw request replay

Replay raw requests exported straight from Burp Suite.

Structured JSON

Machine-readable output drops cleanly into automation and pipelines.

CI-ready exit codes

0 clean, 1 vulnerable, 2 error — gate a build on the result.

Batch from stdin

Pipe a list of targets and scan them in one pass.

Collaborator-friendly

Inject custom headers, including OAST collaborator hosts.

Quickstart

Scan a target, gate your CI

zsh
$ brew install hahwul/smugglex/smugglex
# scan a single target
$ smugglex https://target.tld
[!] potential CL.TE desync (confidence: high)
# clean JSON for CI, stop on first hit
$ cat urls.txt | smugglex --json --exit-first
# replay a raw request from Burp
$ smugglex --raw-request request.txt -H 'X-Collab: abcd.oastify.com'

Illustrative output.
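
A CI gate built on the exit codes listed above (0 clean, 1 vulnerable, 2 error), as an added example that is not part of the SmuggleX project. The names gate_targets, SCANNER and REPORT_DIR are assumptions of this sketch, and it assumes --json can be combined with a URL argument.

```shell
#!/bin/sh
# Added example: CI gate on the exit codes this page states
# (0 clean, 1 vulnerable, 2 error). SCANNER and REPORT_DIR are
# assumptions of this sketch, not smugglex options.
SCANNER="${SCANNER:-smugglex}"
REPORT_DIR="${REPORT_DIR:-./smuggle-reports}"

# gate_targets FILE: scan each URL in FILE (one per line, '#' comments).
# Returns 1 if any target was flagged, 2 if a scan errored and none was
# flagged, 0 only when every target was scanned and came back clean.
gate_targets() {
    list="$1"
    worst=0
    n=0
    [ -r "$list" ] || { echo "cannot read target list: $list" >&2; return 2; }
    mkdir -p "$REPORT_DIR" || return 2
    while IFS= read -r url || [ -n "$url" ]; do
        case "$url" in '' | \#*) continue ;; esac
        n=$((n + 1))
        rc=0
        # </dev/null: the scanner also accepts targets on stdin, so it must
        # not inherit (and drain) the list this loop is reading.
        "$SCANNER" --json "$url" </dev/null >"$REPORT_DIR/scan-$n.json" || rc=$?
        case "$rc" in
            0) echo "clean: $url" ;;
            1) echo "VULNERABLE: $url (report: $REPORT_DIR/scan-$n.json)"
               worst=1 ;;
            *) # 2 or anything unexpected: the target was NOT verified clean
               echo "scan error (exit $rc): $url" >&2
               [ "$worst" -eq 1 ] || worst=2 ;;
        esac
    done <"$list"
    # An empty list must not pass the gate silently.
    [ "$n" -gt 0 ] || { echo "no targets in $list" >&2; return 2; }
    return "$worst"
}

# In a pipeline step:  gate_targets urls.txt || exit $?
```

Keeping exit 2 distinct from exit 0 means a scan that could not run fails the build instead of being counted as clean.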

Catch the desync first.

Install SmuggleX and add it to your security pipeline.