A CL.CL request smuggling scanner which uses invalid values in the "Content-Length" header for detection.
$ junker -h
Usage of junker:
-b, --batch-size int The number of input lines to process at once, shuffling the tests for each (default 200)
-H, --headers strings Extra headers to include in requests - to add multiple headers specify multiple times
-m, --methods strings HTTP method to test - to test multiple methods specify multiple times (default [POST])
-n, --no-resolve Don't resolve domains, instead expect the input to be in the format <ip>,<url>
-o, --output string The file to output results to, in JSON format - use '-' for stdout (default "junker.json")
-r, --runs int The number of times to check before flagging a result as vulnerable (default 3)
-t, --timeout duration The timeout value to use for HTTP requests (default 5s)
-c, --workers int The number of concurrent wokers (default 10)