You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'd like to know if there's some way to avoid nuclei adding a slash / after the method in raw http requests (eg: GET anything HTTP/1.1 -> GET /anything HTTP/1.1)
I tried using advanced http requests, unsafe: true and disable-path-automerge: true, but the only thing that worked, but not enough for me, was removing all the path from the target URL:
$ nuclei -u "http://httpbin.org/get" -t test.yaml -debug
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.4.10
projectdiscovery.io
[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.3.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 124
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [host-header-injection] Dumped HTTP request for http://httpbin.org/http://127.0.0.1/
GET /http://127.0.0.1/ HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0
Connection: close
[DBG] [host-header-injection] Dumped HTTP response http://httpbin.org/http://127.0.0.1/
HTTP/1.1 404 NOT FOUND
Content-Length: 233
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/html
Date: Fri, 24 Oct 2025 14:42:26 GMT
Server: gunicorn/19.9.0
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
[INF] Scan completed in 10.110711622s. No results found.
$ nuclei -u "http://httpbin.org" -t test.yaml -debug
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.4.10
projectdiscovery.io
[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.3.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 124
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [host-header-injection] Dumped HTTP request for http://httpbin.org
GET http://127.0.0.1 HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0
Connection: close
[DBG] [host-header-injection] Dumped HTTP response http://httpbin.org
HTTP/1.1 200 OK
Content-Length: 9593
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/html; charset=utf-8
Date: Fri, 24 Oct 2025 14:42:48 GMT
Server: gunicorn/19.9.0
<!DOCTYPE html>
<html lang="en">
[...]
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I'd like to know if there's some way to avoid nuclei adding a slash
/after the method in raw http requests (eg:GET anything HTTP/1.1->GET /anything HTTP/1.1)I tried using advanced http requests,
unsafe: trueanddisable-path-automerge: true, but the only thing that worked, but not enough for me, was removing all the path from the target URL:Beta Was this translation helpful? Give feedback.
All reactions