endsfuzzer is a tool used to fuzz a list of hosts for endpoints gently. It checks all the hosts in a list for a single endpoint, then moves on to the next endpoint to check for.
- Fast. Makes use of go routines.
- Gentle to servers. Fuzzes all hosts for an endpoint at a time.
- Thorough. Checks HTTPS (port 443) and HTTP (port 80).
endsfuzzer requires Golang to run.
go get -u github.com/ameenalkurdy/endsfuzzer
Usage of endsfuzzer:
-dL string
Path to domains list (required)
-eL string
Path to endpoints list (required)
-threads int
Threads Number (default 40)
-timeout int
Connection timeout in seconds (default 15)
The fuzzed hosts in the file must not have a scheme (https/http).
endsfuzzer -dL domains.txt -eL quickhits.txt
endsfuzzer -dL domains.txt -eL quickhits.txt -timeout 20 -threads 50
Output:
https://about.example.com/admin 403
http://dev.example.com/admin 302 -> https://www.example.com/
https://secure.example.com/admin 200
https://about.example.com/cgi-bin 403
http://dev.example.com/cgi-bin 302 -> https://www.example.com/
https://secure.example.com/cgi-bin 403