#!/bin/bash
# detect_http2_bomb.sh

echo "[*] Escaneando $1 para CVE-2026-49975"

# Verificar servidor web
SERVER=$(curl -s -I https://$1 2>/dev/null | grep -i "Server:")

echo "[*] Servidor detectado: $SERVER"

# Verificar HTTP/2
if curl -s --http2 -I https://$1 2>/dev/null | grep -q "HTTP/2"; then
    echo "[!] ALERTA: HTTP/2 habilitado - servidor potencialmente vulnerable"
else
    echo "[✓] HTTP/2 no habilitado"
fi