fix: prevent overriding req.Host in unsafe mode when CustomHeaders has Host

Author: ayanrajpoot10

runner/runner.go

@@ -1637,8 +1637,17 @@ retry:
 		return Result{URL: URL.String(), Input: origInput, Err: err}
 	}
 
+	// Don't override req.Host in unsafe mode if CustomHeaders has Host
+	// This allows AutomaticHostHeader(false) to work (see lines 244-251)
 	if target.CustomHost != "" {
-		req.Host = target.CustomHost
+		if scanopts.Unsafe {
+			// In unsafe mode, only set req.Host if no Host in CustomHeaders
+			if _, hasHost := hp.CustomHeaders["host"]; !hasHost {
+				req.Host = target.CustomHost
+			}
+		} else {
+			req.Host = target.CustomHost
+		}
 	}
 
 	if !scanopts.LeaveDefaultPorts {