A high-concurrency CLI tool for detecting web cache poisoning vulnerabilities.
Project description
CachePoisonDetector (CPD-SEC)
A high-concurrency CLI tool for detecting web cache poisoning vulnerabilities.
Overview
CPD-SEC is a security tool designed to identify vulnerabilities in web caching systems that allow cache poisoning attacks.
Installation
Using Pip (Recommended)
You can install CPD-SEC directly from PyPI:
pip install cpd-sec
From Source
-
Clone the repository:
git clone https://github.com/kankburhan/cpd.git cd cpd
-
Install dependencies using Poetry:
poetry installAlternatively, calculate dependencies to requirements.txt and use pip:
pip install .
Usage
CPD-SEC supports multiple input methods and extensive configuration options.
1. Basic Scan (--url)
Scan a single target URL.
# Installed via pip
cpd-sec scan --url https://example.com
# Using poetry
poetry run cpd-sec scan --url https://example.com
2. Pipeline Mode (Stdin)
Pipe URLs from other tools (like waybackurls, gau, subfinder, or cat) directly into CPD-SEC. This is ideal for mass scanning.
# Scan URLs found by waybackurls
waybackurls target.com | cpd-sec scan
# Scan URLs from a file using cat
cat urls.txt | cpd-sec scan --concurrency 20
3. File Input (--file)
Read URLs from a text file (one URL per line).
cpd-sec scan --file urls.txt
4. Raw Request Scan (--request-file)
Scan using a raw HTTP request definition (e.g., copied from Burp Suite).
# Save your request to a file (e.g. request.txt)
cpd-sec scan --request-file request.txt
Alternative: Direct String (--raw)
Use with caution due to shell escaping characters.
cpd-sec scan --raw "GET /api/foo HTTP/1.1
Host: example.com"
5. Advanced Options
Custom Headers (--header)
Add custom headers to every request (e.g., cookies, authorization). You can use this flag multiple times.
cpd-sec scan -u https://admin.example.com \
-h "Cookie: session=12345" \
-h "Authorization: Bearer XYZ"
Output to File (--output)
Save the findings to a JSON file.
cpd-sec scan -u https://example.com --output results.json
Concurrency (--concurrency)
Control the number of simultaneous requests (default: 50).
cpd-sec scan -f targets.txt --concurrency 100
Verbosity (--verbose, --quiet)
Control output levels.
cpd-sec scan -u https://example.com -v # Debug logging
cpd-sec scan -u https://example.com -q # Only show findings
5. Utilities
Validate Finding (validate)
Manually verify a vulnerability claim step-by-step.
cpd-sec validate --url https://target.com --header "X-Forwarded-Host: evil.com"
Update Tool (update)
Check for and install the latest version of CPD-SEC.
cpd-sec update
Features
- Auto Update Check: Automatically checks for new versions on run.
- High Concurrency: Built with
asyncioandaiohttpfor speed. - Smart Baseline: Establishes a stable baseline to reduce false positives.
- Advanced Poisoning:
- Header Injection:
X-Forwarded-Host,X-Forwarded-Scheme,Fastly-Client-IP, etc. - Path Normalization: Exploits backend URL decoding differences (
/foo\bar). - Fat GET: Sends request bodies with GET requests.
- Unkeyed Query Params: Injects parameters to test cache key inclusion.
- Method Override: Tests
X-HTTP-Method-Override.
- Header Injection:
- Pipeline Ready: Designed to integrate into your reconnaissance workflow.
Contributing
We welcome contributions to improve CPD-SEC, especially for new poisoning signatures and false positive reductions.
Reporting False Positives
If you encounter a false positive (a reported vulnerability that is benign), please open an Issue with:
- Replication Output: The output of the
validatecommand:cpd-sec validate --url <TARGET_URL> --header "KEY: VALUE"
- Context: Why you believe it is benign (e.g., "The server normalizes the path but returns the same content").
Contributing Code
- Fork the repository.
- Clone your fork locally.
- Install dependencies:
poetry install. - Create a Branch for your feature/fix.
- Add/Modify Signatures in
cpd/logic/poison.py. - Add Tests in
tests/to verify your changes. - Submit a Pull Request!
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cpd_sec-0.3.1.tar.gz.
File metadata
- Download URL: cpd_sec-0.3.1.tar.gz
- Upload date:
- Size: 18.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.9.25 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
54f0c4dc2970483e929ce32b3c81d86d22b88b8f3ea98c6bb0fcffc1c4524e0a
|
|
| MD5 |
a67b8317452f7d74d8ed79fef7d86c50
|
|
| BLAKE2b-256 |
c84f944188ffe02a1d71317bc3c088543469de11b866ba7d17dffc2655d28d40
|
File details
Details for the file cpd_sec-0.3.1-py3-none-any.whl.
File metadata
- Download URL: cpd_sec-0.3.1-py3-none-any.whl
- Upload date:
- Size: 20.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.9.25 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
30835c0ac69b78d4cb406b48af49464a02e54242ffe03de295415a77096b14db
|
|
| MD5 |
cbb3b458bd812098395d0189fe85da5e
|
|
| BLAKE2b-256 |
64641ee2fd34b0c4e3d9ea410b9cc54e79166fdf082fc08bd59bc5137cd13852
|
