Labels
Type: Bug. Inconsistencies or issues which will cause an issue or problem for users or implementors.
Description
Discussed in https://github.com/orgs/projectdiscovery/discussions/6557
Originally posted by NLXZ October 27, 2025
Is there an existing issue for this?
- I have searched the existing issues.
Current Behavior
I'd like to know if there's some way to avoid nuclei adding a slash `/` after the method in raw HTTP requests (e.g. `GET anything HTTP/1.1` -> `GET /anything HTTP/1.1`).
```
GET /http://127.0.0.1/get HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0
Connection: close
```
Expected Behavior
The expected behavior, in my case at least, is to be able to send real raw requests, even if they are "wrong":
```
GET http://127.0.0.1/get HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0
Connection: close
```
Steps To Reproduce
Create a template like this:
```yaml
id: host-injection

info:
  name: Host Injection
  author: NLXZ
  severity: medium

http:
  - raw:
      - |+
        GET {{Scheme}}://127.0.0.1{{Path}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0
        Connection: close

    disable-path-automerge: true
    unsafe: true
```
```
$ nuclei -u "http://httpbin.org/get" -t test.yaml -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

                projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.3.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 124
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [host-header-injection] Dumped HTTP request for http://httpbin.org/http://127.0.0.1/

GET /http://127.0.0.1/ HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0
Connection: close

[DBG] [host-header-injection] Dumped HTTP response http://httpbin.org/http://127.0.0.1/

HTTP/1.1 404 NOT FOUND
Content-Length: 233
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/html
Date: Fri, 24 Oct 2025 14:42:26 GMT
Server: gunicorn/19.9.0

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
[INF] Scan completed in 10.110711622s. No results found.
```
The only thing that worked was removing all the path from the target URL:
```
$ nuclei -u "http://httpbin.org" -t test.yaml -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

                projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.3.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 124
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [host-header-injection] Dumped HTTP request for http://httpbin.org

GET http://127.0.0.1 HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0
Connection: close

[DBG] [host-header-injection] Dumped HTTP response http://httpbin.org

HTTP/1.1 200 OK
Content-Length: 9593
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/html; charset=utf-8
Date: Fri, 24 Oct 2025 14:42:48 GMT
Server: gunicorn/19.9.0

<!DOCTYPE html>
<html lang="en">
[...]
```
Relevant log output
Environment
- OS: Kali 2025.3
- Nuclei: v3.4.10
- Go: go1.24.7
Anything else?
No response
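
Why the prepended slash matters, as an added example (not part of the original issue and not nuclei's code): the hypothetical `Classify` function sorts a raw request line into the request-target forms of RFC 9112 section 3.2 and flags a target whose own authority disagrees with the Host header, which is the mismatch the reporter's template is built to send. It compares authorities as plain strings and does not normalize default ports.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Target describes the request-target of one HTTP/1.1 request line.
type Target struct {
	Form      string // RFC 9112 section 3.2 form, or "invalid"
	Authority string // host[:port] named by the request-target itself, if any
	Mismatch  bool   // true when Authority differs from the Host header
}

// Classify parses a raw request head and classifies its request-target.
func Classify(raw string) Target {
	head := strings.Split(strings.ReplaceAll(raw, "\r\n", "\n"), "\n")
	parts := strings.Split(head[0], " ")
	if len(parts) != 3 {
		return Target{Form: "invalid"}
	}
	host := ""
	for _, l := range head[1:] {
		if k, v, ok := strings.Cut(l, ":"); ok && strings.EqualFold(k, "host") {
			host = strings.TrimSpace(v)
		}
	}
	target := parts[1]
	switch {
	case strings.HasPrefix(target, "/"): // a leading slash always means a path
		return Target{Form: "origin-form"}
	case target == "*":
		return Target{Form: "asterisk-form"}
	case parts[0] == "CONNECT":
		return Target{"authority-form", target, !strings.EqualFold(target, host)}
	}
	u, err := url.Parse(target)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return Target{Form: "invalid"}
	}
	return Target{"absolute-form", u.Host, !strings.EqualFold(u.Host, host)}
}

func main() {
	// The two request lines from the issue, sent with the same Host header.
	for _, line := range []string{"GET /http://127.0.0.1/get", "GET http://127.0.0.1/get"} {
		fmt.Printf("%+v\n", Classify(line+" HTTP/1.1\r\nHost: httpbin.org\r\n\r\n"))
	}
}
```

With the slash the target is an ordinary origin-form path and the server routes on `Host: httpbin.org`; without it the target is absolute-form, where RFC 9112 requires an origin server to take the host from the request-target and ignore the Host header.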