hunt-host-header
CommunityIdentify and exploit Host Header Injection vulnerabilities.
Authorsseshachala
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Host header handling flaws can enable password-reset poisoning, cache poisoning, SSRF, and OAuth redirect manipulation, compromising user accounts and application integrity.
Core Features & Use Cases
- End-to-end host header testing methodology to identify weaknesses in password-reset flows, caching proxies, routing logic, and OAuth redirect handling.
- Signals and validation steps to detect header reflections, cacheability, and SSRF potential across common deployment topologies.
- Real-world use case: assess a web app behind a CDN or reverse proxy where Host-related headers influence security controls.
Quick Start
Test host header handling end-to-end by following the five phases from password-reset poisoning through OAuth redirect poisoning.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-host-header Download link: https://github.com/sseshachala/Claude-BugHunter-archive/archive/main.zip#hunt-host-header Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.