- Scan and identify Web Cache Deception and Web Cache Poisoning vulnerabilities
- Simple and user-friendly command-line interface
- Readable result reporting
To set up the project locally, follow these steps:
- Python 3.x must be installed.
- Internet access to install dependencies.
- Clone the repository:
git clone https://github.com/omranisecurity/cacheboom.git
cd cacheboom
- Install required packages:
pip install -r requirements.txt
After installation, you can run CacheBoom from the command line to scan for Web Cache Deception (WCD) and Web Cache Poisoning (WCP) vulnerabilities.
To scan a single URL for cache poisoning:
python3 cacheboom.py --url https://target.com --mode cp
To scan for cache deception:
python cacheboom.py --url https://target.com --mode cd
- Scan multiple URLs from a file:
python cacheboom.py --list urls.txt --mode cp
urls.txt should contain one URL per line.
- Use a raw HTTP request file:
python cacheboom.py --raw_request raw_request.txt --mode cp
- Add cookies to your requests:
python cacheboom.py --url https://target.com --mode cp --cookie "name=value; name2=value2"
- Set the number of threads (default is 10):
python cacheboom.py --url https://target.com --mode cp --thread 20
- Silent mode (show only results):
python cacheboom.py --url https://target.com --mode cp --silent
To see all available options, run:
python cacheboom.py --help
Replace https://target.com with the target URL you want to test.
For more examples, please refer to the Documentation.
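An added example (not part of CacheBoom or its documentation): a pre-flight filter for the file passed to `--list`, which keeps only well-formed http(s) URLs, one per line, whose host is on an allowlist of systems you are authorized to test. The function name, the allowlist, the subdomain-matching rule and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def filter_targets(lines, allowed_hosts):
    """Split a one-URL-per-line list into (accepted, rejected).

    accepted: de-duplicated URLs in input order, ready to write to urls.txt.
    rejected: (line_number, text, reason) tuples to review by hand.
    Assumption: a subdomain of an allowed host counts as in scope.
    """
    allowed = {h.lower().rstrip(".") for h in allowed_hosts}
    accepted, rejected, seen = [], [], set()
    for number, raw in enumerate(lines, start=1):
        text = raw.strip()
        if not text:
            continue  # blank lines carry no target
        try:
            parts = urlsplit(text)
            host = (parts.hostname or "").lower().rstrip(".")
        except ValueError:
            rejected.append((number, text, "unparseable URL"))
            continue
        if parts.scheme.lower() not in ("http", "https"):
            reason = "scheme is not http/https"
        elif not host:
            reason = "no host"
        elif parts.username or parts.password:
            # user@host forms make the real host easy to misread
            reason = "embedded credentials"
        elif not any(host == a or host.endswith("." + a) for a in allowed):
            reason = "host not in scope"
        elif text in seen:
            reason = "duplicate"
        else:
            seen.add(text)
            accepted.append(text)
            continue
        rejected.append((number, text, reason))
    return accepted, rejected

# Constructed sample input; target.com is the placeholder host used above.
SAMPLE_LINES = [
    "https://target.com/", "", "https://app.target.com/account",
    "target.com/no-scheme", "https://target.com.evil.example/",
    "https://target.com@other.example/", "https://target.com/",
    "ftp://target.com/file",
]

if __name__ == "__main__":
    ok, bad = filter_targets(SAMPLE_LINES, ["target.com"])
    print("\n".join(ok))                    # write this to urls.txt
    for number, text, reason in bad:
        print(f"# line {number}: {reason}: {text}")
```

Only the accepted URLs should be written to urls.txt; the rejected entries are listed with their line number so they can be corrected or confirmed out of scope.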
- Basic cache poisoning test implemented
- Web Cache Deception detection coming soon
- Implement --output flag for saving results
- Add advanced cache poisoning tests from research literature
Contributions are welcome! If you have ideas, bug reports, or feature requests, please open an issue in the GitHub Issues section before submitting a pull request. This helps us discuss and track changes