This utility is a Bash script designed to automate the process of testing HTTP bad requests against a given host. It's useful for quickly performing a series of tests based on predefined .txt test case files.
- Easily specify the host to test against
- Specify custom port (default is 80)
- Supports wildcards for specifying multiple test cases
- Color-coded output for better readability
- Supports disabling color output
- Bash 4.0 or later
- Ncat version of
ncfrom the Nmap project
-
Clone this repository:
git clone https://github.com/steffenbusch/http-bad-request-tester
-
Navigate into the directory:
cd http-bad-request-tester -
Fix one testcase:
echo -e "GET / HTTP/1.1\r\nHost: example.com\n\n" > mixed-line-endings.txt
To test against a specific host:
./run.sh --host arm.stbu.netTo test against a specific host and port:
./run.sh --host arm.stbu.net --port 8080To specify a single test case:
./run.sh --host arm.stbu.net --testcases good-request.txtTo specify multiple test cases using wildcards:
./run.sh --host arm.stbu.net --testcases "http0.9*"The test cases included in this utility vary in their adherence to HTTP protocol specifications. These test cases have been generated with the assistance of ChatGPT and cover a broad spectrum of request scenarios.
Note: Not all the test cases represent "bad" or "malformed" requests according to the HTTP specifications. Some may be fully compliant requests, while others deliberately deviate from the standard to test how the server handles such cases.
Please read through the test cases to understand their specifics before running them.
For the usage guide:
./run.sh --helpTo disable color output, set the NO_COLOR environment variable:
NO_COLOR=true ./run.sh --host arm.stbu.netThis utility is intended for educational and ethical testing purposes only. Only run it against hosts you own or have explicit permission to test. Unauthorized testing is illegal and unethical.
Use at your own risk. The author of this utility is not responsible for any illegal activities or misuse.