Shuriken
Web Fuzzer
Presentation
Shuriken is a threaded web fuzzer that includes proxies support and with which you will be able to do some recon : sqli, web discovery, password cracking, ...
Usage
Linux :
Install
Set execution perms : chmod +x install.sh
Run install .sh : sudo bash install.shor
python3 EasySetup.pyUninstall
Set execution perms : chmod +x uninstall.sh
Run install .sh : sudo bash uninstall.shor
python3 EasySetup.pyWindows :
run shuriken from terminal or wslExamples
Directory Fuzzing :
shuriken -u http://mysite/NINJA -w dirlistSql injection Discovery :
shuriken -u http://mysite/index.php?id=NINJA -w sqlipayloadsPassword Cracking :
shuriken -u http://mysite/logon.php?user=admin&password=NINJA -w passwordsTest Site:
python3 testsite.pyBenchmark
Laptop :
- RAM : 4Go
- PROC : A9-9420 3,6Ghz 2Cores
- GRAPHICS : AMD Radeon R5
Wordlist : 200 491 words
Stats
| Tool | Time |
|---|---|
| Shuriken | 42,14 sec |
| Dirb | 108,42 sec |
| ffuf | 26,81 sec |
Compatibility
| Options | Shuriken | KATANA |
|---|---|---|
| proxy | OO | XX |
| pattern | OO | XX |
| bytechange | XX | OO |
| delay | OO | XX |
| threaded | XX | OO |
| Option | Shuriken | Katana |
|---|---|---|
| speed | 1000 w/s | 4800 w/s |
| Detected | 40% | 100% |
| For CTF | No | Yes |
| For Reconnaissance | Yes | No |
Media
Invalid Proxy Detection
Without Proxy
With Proxy
Invalid Syntax
Threading mode (200 000 words)
Contributing
- Fork it (https://github.com/yourname/yourproject/fork)
- Create your feature branch (
git checkout -b feature/fooBar) - Commit your changes (
git commit -am 'Add some fooBar') - Push to the branch (
git push origin feature/fooBar) - Create a new Pull Request