neo-cypher / gofuzz Goto Github PK

GOFUZZ is fast web fuzzer which takes in URL as input and test the URL for diffrent set of inputs provided by the user. Currently in Beta phase (now that sounds professional xD)

results:

ah! so we have some forbidden directories ;)

Output is exported to a file and not displayed on the screen to avoid bloating and filling screen with output.

• Add Output file feature where output can be stored in specified file
• Add export type TXT
• Add export type JSON
• Add exclude option which lets user exclude specific response status codes from the results
• Add percentage/progress feature
• Add timeout feature when one URL is not responding for a specific time
• Add GET method feature
• Add redirection URL to the results
• Make a rate limiter
• Add export type CSV
• Add Permuation feature
• Add POST method feature.

and a lot more...

Will add as we go along

Target URL has to be provided using -u option like so:

gofuzz -u "http://targeturl.com/targetpath?q1=<@>&q2=<@>"

What is <@> ?

<@> is placeholder where the test cases will be placed while fuzzing. We'll see how it works on the way. You can place multiple placeholders in the target URL

Numeric values can be passed using -n option like so:

• -n 100 : tests from 0 to 100
• -n 10,200 : tests from 10 to 200
• -n 10,11,20,50 : tests for 10,11,20,50 only

gofuzz -u "httpL//targeturl.com/targetpath?q1=<@>&q2=<@>" -n 100

above tests URL for 2000-3000 replacing placeholders(<@>) with numbers. Here is an gif showing example:

and here we have the results

Suppose I want to test a URL for vulnerabilites like SQL injection or LDAP injection. Common way to do it is test for *,",',=...so on. Doing it manually is no cool. Provide a range of ASCII values using -a option and rest is done by GOFUZZ.

• -a 65 : tests for A only
• -a 65,90 : tests from A to Z
• -a 65,66,67,68 : tests for A,B,C,D only

Results:

You can pass list of characters you want to test for, like so

• -a "{,},^,%,&,*,#,@,!" : tests for {,},^,%,&,*,#,@,! only

NOTE: it is preffered to wrap the input around quotes as shows above to prevent any ambiguity with the shell symbols.

Takes in output directory where the results will be saved. Default is ./output.

usage: gofuzz -u "http://targeturl/targetpath?tq1=<@>&tq2=<@>" -f keywords.txt -o ./custom_output_dir

Takes in txt or json as input.

usage: gofuzz -u "http://targeturl/targetpath?tq1=<@>&tq2=<@>" -f keywords.txt -export txt

Takes in status codes as input and doesn't includes them in the result. Example can be seen in the very first gif of this readme.

Takes in time in milliseconds(ms). How long gofuzz will wait if the connection is not responding. Default 30000 ms or 30 s

Let's set timeout to 1 min or 60 sec or 60000 ms usage: gofuzz -u "http://targeturl/targetpath?tq1=<@>&tq2=<@>" -f keywords.txt -t 60000