ReqFuzz is a Swiss Army knife for web testing and fuzzing, providing everything you need to run multiple tests on a system. You can intercept any HTTP request using the integrated proxy and fuzz the request file—just put 'FUZZ' where you need it, load a wordlist, and you're good to go. You can specify the number of threads for faster execution and filter the results with conditions.
If that's not enough, you can also apply custom scripts to your wordlists. For example, if you have a wordlist with usernames but want to use base64 encoding instead of plain text, no problem. You can use the predefined script, which will be applied to each item in the wordlist, or create your own scripts in 13 different languages. The script will then be executed in a sandbox environment.
- Intuitive Fuzzing: Automatically test a range of HTTP headers to discover potential security flaws.
- Multithreading Support: Perform multiple fuzzing operations simultaneously, significantly reducing test duration.
- Integrated Proxy: Capture and log HTTP requests in real-time, allowing for detailed analysis of server interactions.
- Scripting Capabilities: Write custom scripts or utilize predefined ones to modify payloads dynamically during fuzzing.
- Integrated Sandbox: Your proxy will run in a secure environment.
- Extensible Design: Easily extend and customize the tool with new features as your testing needs evolve.
- Subdomain Enumeration: Automatically generate and test various subdomain possibilities.
- Response Filtering: Focus on specific criteria during testing, such as status codes or response times, for a more targeted analysis.
To get started with ReqFuzz, ensure you have Python 3.x installed on your system. Clone the repository and install any necessary dependencies.
git clone <repository-url>
cd reqfuzz
pip install -r requirements.txt
To start using ReqFuzz, execute the following command in your terminal:
python reqfuzz.py -f <request_file> -p <wordlist>
`<request_file>`: A file containing details of the HTTP request, including the method, endpoint, headers, and body.
- `-b <request_file>`: Specifies the main HTTP request to test from a given file.
- `-H <header_file>` (optional): Add extra headers for testing. Each header should be on a new line, formatted as `Header-Name: Header-Value`.
- `-f <request_file>`: A specific request file to fuzz using designated payloads.
- `-proxy <port>`: Starts an integrated proxy server on the specified port, enabling interception and logging of HTTP requests.
  - Example: `python reqfuzz.py -proxy 8000`
- `-p <payload_file>`: Specifies a file containing different payloads to replace the placeholder `FUZZ` in headers or the body of the request.
- `-s <domain>`: Enumerate subdomains by substituting `FUZZ` in the specified domain format.
- `-filter "condition"`: Filters responses based on criteria like status codes or response times for focused analysis.
- `-script <script>`: Apply custom scripts to modify payloads for advanced testing. This allows users to write their own scripts or use predefined options.
  - Example: `python reqfuzz.py -f request -p <wordlist> -script scripts/md5_hash.py`
- `-t <nb_threads>`: Sets the number of concurrent threads to use during the fuzzing process, optimizing performance.
- `-help`: Displays a help menu with detailed instructions on using ReqFuzz effectively.
- Fuzz Headers from a Request File: `python reqfuzz.py -b request.txt`
- Add Additional Headers: `python reqfuzz.py -b request.txt -H headers.txt`
- Fuzz Headers Using Payloads: `python reqfuzz.py -f request.txt -p payloads.txt`
- Run an Integrated Proxy: `python reqfuzz.py -proxy 8000`
- Enumerate Subdomains: `python reqfuzz.py -s domain.com -p payloads.txt`
- Filter Responses by Criteria: `python reqfuzz.py -s domain.com -p payloads.txt -filter "status:200; time:<100ms"`
- Apply a script on the wordlist: `python reqfuzz.py -f request -p wordlist -script scripts/base64_en.py`
- Use multithreading: `python reqfuzz.py -t 20`
- Display Help Menu: `python reqfuzz.py -help`
The integrated proxy feature allows users to intercept and analyze HTTP requests sent to the specified port. When enabled, the request is captured and saved to a file named `request`, making it easy to review how different requests are processed by the server without relying on other third-party tools.
With the scripting capability, users can create custom scripts to modify or generate payloads dynamically during fuzzing. This flexibility allows for tailored testing scenarios that adapt to various requirements. Users can also utilize predefined scripts included with ReqFuzz for common tasks.
The code will run in an integrated sandbox. The sandbox is minimal and only blocks socket connections and file operations on critical parts, so you should check your scripts and make sure they are safe.
Python, Ruby, Dart, Perl, PHP, Node.js, Shell Script, R, Lua, Haskell, Elixir, Swift.
Note: here are some things to look out for in order to make the scripts work:
- Make sure the scripting language that you want to use is already installed on your system.
- Your script should PRINT the returned value and not just RETURN it.
PS: Even though this tool has an integrated sandbox, I cannot be 100% sure that it will block malicious scripts (aside from the provided scripts in /scripts, which are secure). I'm not responsible for the scripts you provide. You should NEVER use a script from the internet without knowing what it does, and make sure your wordlist doesn't contain any malicious code.
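One way to review a Python payload script before passing it to `-script`, as an added example that is not part of ReqFuzz: a static check with Python's `ast` module that flags imports and calls reaching network, process, or file APIs, and confirms the script prints its result. The module and call lists, the function names, and the sample scripts are assumptions constructed for illustration.

```python
import ast

# Assumed review policy (not ReqFuzz's sandbox rules): modules and builtins
# that a payload-transform script should not need.
RISKY_MODULES = {"socket", "subprocess", "os", "shutil", "ctypes", "urllib",
                 "http", "requests", "importlib", "pathlib"}
RISKY_CALLS = {"open", "exec", "eval", "compile", "__import__"}

def review_script(source):
    """Return sorted (line, description) findings; an empty list means clean."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "does not parse: " + exc.msg)]
    findings = set()
    for node in ast.walk(tree):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        for name in names:
            root = name.split(".")[0]
            if root in RISKY_MODULES:
                findings.add((node.lineno, "imports " + root))
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in RISKY_CALLS:
                findings.add((node.lineno, "calls " + node.func.id + "()"))
    return sorted(findings)

def prints_result(source):
    """True if the script calls print(), since results must be printed."""
    return any(isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
               and n.func.id == "print" for n in ast.walk(ast.parse(source)))

# Constructed samples. Reading the wordlist item from sys.argv[1] is an
# assumption; the page does not say how ReqFuzz passes it to the script.
BENIGN = """import base64, sys
print(base64.b64encode(sys.argv[1].encode()).decode())
"""
SUSPECT = """import sys
import socket
data = open("some/file/outside/the/workdir").read()
print(sys.argv[1])
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, review_script(src), "prints:", prints_result(src))
```

A denylist scan like this is a review aid rather than a sandbox: it misses dynamic access such as `getattr`-based lookups, so a script that passes still needs to be read before it is run.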
We welcome and encourage contributions to ReqFuzz! If you'd like to help improve this tool, feel free to fork the repository, make changes, and submit a pull request. Whether it's fixing bugs, adding new features, or improving documentation, your contributions are greatly appreciated. Please make sure to follow our contribution guidelines and ensure your code is well-tested.
Also feel free to provide useful scripts that we can add to the predefined scripts.
Please note that this tool has been tested primarily on Linux environments. While it may work on other platforms, we cannot guarantee full compatibility or functionality on systems like Windows or macOS. Contributions to improve cross-platform support are also welcome!
Though ReqFuzz supports 13 scripting languages, so far we have only tested scripts using Python, Bash, and PHP. The other languages should work theoretically, but they haven't been fully tested yet. Contributions to improve cross-platform support and test other languages are welcome!