loading
loading
Vulnerabilities
Host header injection scanning tool that also checks for CORS misconfiguration.
overview
xforwardy looks for places where an application trusts the Host header when it should not. By manipulating the Host and related forwarding headers and watching how the response changes, it flags configurations where header injection is possible, the root cause behind web cache poisoning, password-reset poisoning, and routing to attacker-controlled hosts. It also checks each URL for CORS misconfiguration in the same pass.
The interface stays small on purpose. You give it one target URL with -u or a file of URLs with -i and it does the probing, so it drops cleanly onto the output of a crawler or a live-host prober. That makes it easy to run a Host-header check across a whole discovered surface rather than testing endpoints by hand.
Feed it live URLs from an earlier stage, then route any flagged misconfigurations into triage. On Trickest the Vulnerabilities node takes a URL or a list and writes a file and a folder of results.
use cases
Probe a URL with manipulated Host and forwarding headers to flag where the app reflects or trusts them, the precondition for cache and reset poisoning.
Feed a file of live URLs so a whole crawled or probed surface gets the Host-header check in one node instead of endpoint by endpoint.
Run the built-in CORS check alongside the Host-header test so overly permissive cross-origin policies surface in the same pass.
Emit results downstream so flagged misconfigurations land alongside other vulnerability findings for review and prioritization.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| target-url | STRING | -u | URL of target website. |
| target-urls | FILE | -i | Input file of the URLs. |
Showing key inputs. xforwardy exposes 2 inputs in total.
example
# scan a URL list for Host header injection and CORS issuesxforwardy -i urls.txt[+] https://www.example.com - Host header reflection suspected[+] https://app.example.com/login - possible Host header injection[+] https://api.example.com - CORS ACAO reflects Origin[-] https://static.example.com - no Host/CORS issue flagged[*] https://staging.example.com - interesting forwarding header behavior[*] 3 findings across 5 URLsguidance
Use xforwardy when you want to test for Host header injection and CORS misconfiguration across a set of URLs. For broad template-based vulnerability coverage, run nuclei alongside it.
Template scanner with Host-header and CORS templates among thousands of others. Broader, less specialized than xforwardy.
Hidden parameter discovery. Complements xforwardy when an injection needs a parameter as well as a header.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
A file of URLs feeds xforwardy, which probes each for Host header injection and CORS misconfiguration and writes the flagged findings as an output.
Facts on this page come from the live Trickest tool library.