Skip to content

Henelik/penbomb

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.github/workflows
.github/workflows
 
 
handlers
handlers
 
 
payloads
payloads
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Taskfile.yml
Taskfile.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

penbomb

Test, Build & Release Go Report Card License: MIT NON-AI

Penbomb is a Go HTTP handler that returns a zip bomb.

It is designed to punish pentesters scraping sites at endpoints that would normally just return a 404 in a Go app, e.g. /.env or /wp-admin.

Depending on the incoming Accept-Encoding header, it will prefer to send a brotli payload. If brotli is not accepted, it will send a gzip payload.

Brotli payload sourced from: zipbomb.me © 2019-2025 by Austin Hartzheim, licensed under CC BY-NC-SA 4.0

About

Small but deadly zip bomb HTTP handler for Go.

Resources

Readme

License

View license
Activity

Stars

4 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages