Examples
Practical usage examples for smugglex
This guide provides practical examples of using smugglex in different scenarios.
Basic Scans
Simple Scan
Run a basic scan on a target URL:
smugglex https://target.com/
This runs all available checks and reports any vulnerabilities found.
Verbose Output
Enable detailed logging:
smugglex https://target.com/ -v
Save Results
Export results to JSON format:
smugglex https://target.com/ -o results.json
Configuration Examples
Custom HTTP Method
Specify the HTTP method:
smugglex https://target.com/ -m POST
smugglex https://target.com/ -m GET
Custom Headers
Add custom headers to requests:
smugglex https://target.com/ -H "Authorization: Bearer token123"
smugglex https://target.com/ -H "X-Custom: value" -H "User-Agent: custom"
Timeout Configuration
Set request timeout in seconds:
smugglex https://target.com/ -t 15
smugglex https://target.com/ -t 30
Virtual Host Testing
Test different virtual hosts on the same IP:
smugglex https://192.168.1.100/ --vhost example.com
Cookie Support
Fetch and include cookies in requests:
smugglex https://target.com/ --cookies
Scan Configuration
Specific Attack Types
Run specific checks only:
# Test only CL.TE
smugglex https://target.com/ -c cl-te
# Test CL.TE and TE.CL
smugglex https://target.com/ -c cl-te,te-cl
# Test all HTTP/2-related checks
smugglex https://target.com/ -c h2c,h2
Exit on First Vulnerability
Stop scanning after finding the first vulnerability:
smugglex https://target.com/ --exit-first
smugglex https://target.com/ -1
Export Payloads
Save vulnerable payloads for manual verification:
smugglex https://target.com/ --export-payloads ./payloads
Multiple Targets
Pipeline Input
Read URLs from stdin:
# From a file
cat urls.txt | smugglex
# From echo
echo "https://target.com/" | smugglex
# From other tools
subfinder -d example.com | httpx | smugglex
File Input
Create a file with one URL per line:
# urls.txt
https://target1.com/
https://target2.com/api
https://target3.com/admin
Then pipe it to smugglex:
cat urls.txt | smugglex -v -o results.json
Workflow Examples
Quick Vulnerability Check
smugglex https://target.com/ --exit-first -v
Comprehensive Scan
smugglex https://target.com/ -v -o results.json --export-payloads ./payloads
Authenticated Testing
smugglex https://target.com/ -H "Authorization: Bearer token" --cookies -v
Targeted Testing
smugglex https://target.com/ -c cl-te,te-cl -t 20 -v
Mass Scanning
cat targets.txt | smugglex -o results.json --exit-first
Virtual Host Testing
smugglex https://10.0.0.1/ --vhost internal.example.com -H "X-Forwarded-For: 127.0.0.1"
Exploitation Examples
Localhost Access Exploit
After detecting a smuggling vulnerability, test for SSRF-like attacks:
smugglex https://target.com/ --exploit localhost-access
Custom Ports
Test specific ports:
smugglex https://target.com/ --exploit localhost-access --exploit-ports 22,80,443
Test database services:
smugglex https://target.com/ --exploit localhost-access --exploit-ports 3306,5432,6379,27017
Exploit with Detection
Combine with specific checks and exploitation:
# Only test CL.TE, then exploit if found
smugglex https://target.com/ -c cl-te --exploit localhost-access --exploit-ports 80,443
# Quick scan with exploitation
smugglex https://target.com/ -1 --exploit localhost-access -v
Best Practices
Testing Strategy
- Start with a quick scan using --exit-first
- If vulnerable, run a comprehensive scan
- Export payloads for manual verification
- Document findings with JSON output
Performance Tips
- Use appropriate timeouts for network conditions
- Run specific checks when targeting known vulnerabilities
- Use --exit-first for quick validation
- Pipeline multiple targets for efficient scanning
Safety Considerations
- Only test systems you have permission to test
- Use appropriate timeouts to avoid DoS
- Be aware that scans generate significant traffic
- Consider rate limiting for production systems
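One way to enforce the permission point when targets arrive through a pipe is to filter the URL list against an explicit scope file before smugglex sees it. This is an added example, not part of smugglex or its documentation; the function name in_scope_urls, the file name scope.txt and the scope-file format are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of smugglex. scope.txt and in_scope_urls are assumed names.
#
# in_scope_urls SCOPE_FILE
#   stdin : URLs, one per line (the same format smugglex reads from a pipe)
#   stdout: only the URLs whose host is listed in SCOPE_FILE
#   stderr: one line per rejected URL, so skipped targets are visible
# SCOPE_FILE holds one hostname per line; "*.example.com" allows subdomains
# of example.com (not example.com itself); blank lines and "#" comments are ignored.
in_scope_urls() {
  local scope_file="$1" url host entry suffix ok
  while IFS= read -r url || [ -n "$url" ]; do
    [ -n "$url" ] || continue
    case $url in
      http://*|https://*) ;;
      *) echo "skip (not http/https): $url" >&2; continue ;;
    esac
    host=${url#*://}       # drop the scheme
    host=${host%%[/?#]*}   # drop path, query and fragment
    host=${host##*@}       # drop userinfo: "allowed.com@other.test" is other.test
    host=${host%%:*}       # drop the port
    host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
    ok=0
    while IFS= read -r entry || [ -n "$entry" ]; do
      case $entry in
        ''|'#'*) continue ;;
        '*.'*)
          suffix=${entry#\*.}
          case $host in *".$suffix") ok=1 ;; esac ;;
        *) if [ "$host" = "$entry" ]; then ok=1; fi ;;
      esac
    done < "$scope_file"
    if [ "$ok" -eq 1 ]; then
      printf '%s\n' "$url"
    else
      echo "skip (out of scope): $url" >&2
    fi
  done
}

# Usage with the mass-scanning form shown on this page:
#   in_scope_urls scope.txt < targets.txt | smugglex -o results.json --exit-first
```

Hosts that cannot be parsed into a plain name (for example bracketed IPv6 literals) never match a scope entry, so the filter fails closed.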