To install `headerpwn``, run the following command:
go install github.com/devanshbatham/headerpwn@latest
headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool:
- Provide the target URL using the
-url
flag. - Create a file containing the headers you want to test, one header per line. Use the
-headers
flag to specify the path to this file.
Example usage:
headerpwn -url https://example.com -headers my_headers.txt
- Format of
my_headers.txt
should be like below:
Proxy-Authenticate: foobar
Proxy-Authentication-Required: foobar
Proxy-Authorization: foobar
Proxy-Connection: foobar
Proxy-Host: foobar
Proxy-Http: foobar
The headers.txt
fileis compiled from various sources, including the Seclists project (https://github.com/danielmiessler/SecLists). These headers are used for testing purposes and provide a variety of scenarios for analyzing how servers respond to different headers.