M. Ángel Jimeno

Results 46 comments of M. Ángel Jimeno

Hello. As Aaron and I were discussing through DMs, there are some points that we should think about. First, SSRF is really hard to fix using blacklists, but I think...

No. Our idea (or at least mine) is to convert the IP address to a decimal number so that we just need to do a check for the forbidden ranges. So,...

Hey, @insp3ctre I did not manage to use octal representations through beeping. I thought it could work because `curl http://017700000001:50000/` is the same as `curl http://127.0.0.1:50000`, sorry, it was...

Unfortunately the problem here seems to be Twitter's server. It isn't very reliable. Notice how the same request sometimes results in a 200 OK while other times it gets a...

> if it is server issue, Wonder if it is fixable behaviour or not for httpx 🤔

httpx can't fix server issues. If a server returns an HTTP status code,...

> If it is server issue, then why this issue is only happening with httpx without using -unsafe flag ?

Because of the differences between the HTTP request your curl...

Use the `debug-req` flag of httpx or Wireshark and you'll be able to see the traffic.

```
DEBUG:
   -health-check, -hc  run diagnostic check up
   -debug              display request/response content in cli...
```

Hey @osamahamad if you could please share a reproducible example (template, cli command and target url) I'd be happy to push a fix for this so it works again as...

Please, share a minimal, reproducible example. I won't be scanning a third party without any authorization in such an aggressive way to debug this. @osamahamad

Quick reproducer:

```yml
id: jimeno-test

info:
  name: Test for nuclei
  author: jimeno
  severity: info

requests:
  - method: GET
    path:
      - "{{BaseURL}}/hello"
    redirects: true
    max-redirects: 10
    matchers:
      - type: word
        words:...
```