vurl-offensive (Active Hunting)

vurl-offensive is a dynamic MCP plugin that exposes ~46 specialized offensive hunting tools built on top of the vurl toolkit (Vector URL — security-centric URL parser and differential fuzzer). Where the built-in scanner is opinionated and broad-stroke, vurl-offensive is precise, hand-crafted, and aimed at high-value bug classes.

Loading the Plugin

vurl-offensive ships as a .dylib (macOS), .so (Linux), or .dll (Windows) — not compiled into the hugin binary. To enable:

  1. Build from source: cargo build --release -p vurl-offensive in the Hugin workspace, or use the prebuilt artifact bundled with a Pro release.
  2. Copy the artifact into ~/.hugin/plugins/.
  3. Restart Hugin’s MCP server (or use hugin plugin mcp install <path>).

Pro license required.

Tool Categories

vurl-offensive exposes ~46 individual MCP tools grouped by attack surface. Each tool is a self-contained checker with its own MCP action set.

URL Parsing & Differentials

  • mutator — mutation-based URL fuzzing (8 strategies, 120 seed URLs)
  • diff / diffing — differential URL parsing across 7+ implementations (RFC 3986 strict, WHATWG, legacy permissive, plus host-language parsers)
  • compare — multi-parser comparison with vulnerability indicators
  • chain — chained URL transformations
  • evade — WAF-bypass URL candidate generation
  • redirect — open-redirect probe variants

Browser & Identity

  • mirage — browser fingerprint impersonation (TLS JA3/JA4, HTTP/2 SETTINGS, Web Worker bypasses, native automation)
  • fingerprint — server/edge stack fingerprinting
  • identity — credential and session juggling

HTTP Smuggling & Desync

  • rust_http — HTTP parser differential smuggling between httparse/hyper and proxies
  • smuggle — CL.TE / TE.CL / TE.TE desync detection with raw sockets
  • csd — Client-Side Desync browser-pool poisoning
  • h2 — HTTP/2-specific attacks (HPACK bomb, pseudo-header smuggling, stream multiplexing abuse)
  • hopbyhop — Hop-by-Hop header stripping (CVE-2022-31813, CVE-2024-45410, CVE-2024-7207)

Cloud & Infrastructure

  • cloud — 100+ cloud metadata endpoints (AWS IMDSv1/v2, GCP, Azure, K8s, Docker)
  • k8s — Kubernetes SSRF (Ingress, StorageClass, Webhook specs — CVE-2025-1974 style)
  • edge — CDN/edge-server probes
  • rebind / rebind_v2 — DNS rebinding URL generation (1u.ms, rbndr.us, nip.io)
  • sni — TLS SNI manipulation for Host-header validation bypass

Protocol-Specific

  • quic — QUIC fingerprinting and probing
  • grpc — gRPC gateway vs backend differential smuggling (Envoy, grpc-gateway, tonic)
  • payload — protocol smuggling payload generation (Gopher → Redis/Memcached/SMTP)

Web App Attack Surface

  • race — race-condition multi-endpoint concurrent testing
  • wcd — Web Cache Deception payloads
  • csp_nonce — CSP nonce reuse / extraction
  • postmessage — postMessage source/sink discovery
  • ssrf_detect — SSRF probe constructor with viben markers
  • mcp_rce — RCE patterns specific to MCP servers
  • llm — LLM/prompt-injection payloads
  • shadow_ai — shadow AI endpoint discovery
  • vectordb — vector database endpoint detection
  • ai_gateway — AI gateway fingerprinting
  • fluentbit — Fluent Bit CVE detection
  • charset — charset-based RCE
  • nextjs_middleware / nextjs_rsc — Next.js middleware bypass and RSC payloads
  • hydration — client-side hydration mismatch attacks
  • sharepoint — SharePoint-specific CVE chains

Recon & Reflection

  • hunt — multi-vector hunting orchestration
  • endpointer — endpoint discovery
  • js_endpoints / js_sinks — JavaScript endpoint and sink extraction
  • rust_panic — Rust panic endpoint detection
  • waf_evasion — WAF detection + evasion strategy selection
  • http — vurl HTTP client (raw socket sends, JA3/JA4 control)
  • hunt — orchestrated multi-tool runs against a target

Using vurl-offensive Tools

Each tool is invoked through MCP with its own action set. Examples:

mirage action:"profile" name:"chrome_119_macos"
mirage action:"send" url:"https://target.example.com/api" profile:"chrome_119_macos"
smuggle action:"detect" target:"https://target.example.com" technique:"clte"
k8s action:"ingress_ssrf" target:"https://target/api/exec"

The exact action set varies per tool — query each with <tool> action:"help" or refer to the tool’s MCP description.

Built-in vurl_* Tools (Always Available)

A subset of vurl functionality is also exposed directly from the main hugin binary (no plugin install required):

  • vurl_harvest — credential / token harvesting
  • vurl_http — raw HTTP send via vurl client
  • vurl_http_raw — raw socket HTTP send
  • vurl_http_compare — compare responses across multiple sends
  • vurl_crawl — crawl session management
  • vurl_oastify — OOB callback payload generation

These run without the dynamic plugin and require no Pro license.

Standalone vurl CLI

The underlying vurl binary (separate from Hugin) can also be used standalone for quick one-off testing:

# Multi-parser differential
vurl compare "http://google.com。evil.com"

# Parse a URL across all modes
vurl parse "http://evil.com@good.com" --all-modes

# Find parsing discrepancies across implementations
vurl diff "http://127.0.0.1:80x/admin"

# Generate WAF-bypass candidates
vurl evade "http://target.com/admin" --only-success

Install with cargo install vurl or build from source.
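
The three sample URLs in the commands above each exercise a different parser disagreement: userinfo before the host, a non-ASCII label separator, and a non-numeric port. The following is an added Python example, not code from vurl or Hugin, showing how a service's own allow-list check can canonicalise such input and refuse anything two parsers read differently. The allow-list, the naive_host baseline and all function names are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"good.com"}  # hypothetical allow-list for this demo

# Constructed inputs: the three URLs from the CLI commands plus a benign control.
SAMPLES = [
    "http://evil.com@good.com",
    "http://google.com\u3002evil.com",  # U+3002 ideographic full stop
    "http://127.0.0.1:80x/admin",
    "https://good.com/path",
]

def naive_host(url):
    """Permissive baseline: text after '//' up to the first delimiter."""
    m = re.match(r"[a-z][a-z0-9+.-]*://([^/:@?#]*)", url, re.I)
    return m.group(1).lower() if m else None

def strict_host(url):
    """Return (canonical_host, problems) from urlsplit plus explicit checks."""
    problems = []
    parts = urlsplit(url)
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo present")
    try:
        parts.port  # property raises ValueError on non-numeric or out-of-range ports
    except ValueError:
        problems.append("invalid port")
    host = parts.hostname or ""
    try:
        # The idna codec treats U+3002, U+FF0E and U+FF61 as label separators.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        problems.append("host not IDNA-encodable")
    return host, problems

def audit(url, allowed=ALLOWED_HOSTS):
    """Allow only when both parsers agree, nothing is malformed, and the host is listed."""
    naive = naive_host(url)
    host, problems = strict_host(url)
    if naive != host:
        problems.append(f"parser disagreement: naive={naive!r} strict={host!r}")
    if host not in allowed:
        problems.append("host not on allow-list")
    return {"url": url, "host": host, "allow": not problems, "problems": problems}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

Treating any disagreement between the two readings as a rejection is the conservative choice: the check fails closed even when the strict host alone would have passed the allow-list.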

Architecture Note

vurl-offensive is one of three scanning systems in Hugin:

  • Built-in Scanner – 41 active + 36 passive checks compiled into the binary
  • Synaps – WASM community modules, sandboxed
  • vurl-offensive (this chapter) – 46 hand-crafted hunting tools as a dynamic MCP plugin

Findings from all three systems land in the unified Findings tab.