Another web fuzzer written in NodeJS

URLFUZZ

💣 Yep, this is another web fuzzer, but using the power of async/non-blocking I/O functions provided by NodeJS allowing you to perform VERY FAST web requests.

FEATURES

Fuzzable items

  • URL
  • POST data
  • HTTP headers

Filters

You may filter the responses by:

  • Error codes
  • Number of words
  • Number of lines
  • Text

Payloads

  • Wordlist
  • Bruteforce
  • Range

INSTALL

☕ Simply install the latest Node.js version and then:

npm i -g urlfuzz

Kali GNU/Linux

curl -sL https://raw.githubusercontent.com/danigargu/urlfuzz/master/artifacts/install/kali.sh | sudo bash -

The script is executed as root, so download it and read it before piping it into sudo.

FROM THE REPO

git clone https://github.com/danigargu/urlfuzz
cd urlfuzz
npm i
node bin

USAGE

🚀 To get a list of all options and switches use:

Usage: urlfuzz <URL> [OPTIONS]

  -H, --headers=ARG+     set headers
  -h, --head             use HEAD instead of GET
  -d, --data=ARG         POST data (format: foo1=bar1&foo2=bar2)
  -w, --wordlist=ARG     use a wordlist
  -l, --lists            show available wordlists
  -b, --bruteforce=ARG   perform bruteforce (format -> min:max:charset)
  -r, --range=ARG        fuzz with range (format -> start:end[:step])
  -o, --download=ARG     download results that matches (output dir)
  -x, --results=ARG      exports results to file (format: csv)
  -p, --proxy=ARG        use proxy (http://host:port)
  -s, --socks=ARG        use socks (host:port)
      --hc=ARG           filter by error codes (comma separated)
      --hw=ARG           filter by words (comma separated)
      --hl=ARG           filter by lines (comma separated)
      --ht=ARG           hide responses that matches str
      --st=ARG           show responses that matches str
      --max-sockets=ARG  max sockets (default: 150)
      --timeout=ARG      timeout (default: X ms)
      --debug            debug mode
  -h, --help             display this help

Fuzzable items: [url, headers, post_data]
Fuzz tag: #FUZZ#

EXAMPLES

Fuzz using a wordlist:

$ urlfuzz http://localhost/#FUZZ# -w big.txt

Fuzz POST data using wordlist and filter by text:

$ urlfuzz http://localhost/login.php -d "user=admin&pass=#FUZZ#" -w big.txt --ht denied

Fuzz 'User-agent' header and filter by lines:

$ urlfuzz http://localhost/exploit_kit.php -H "User-agent: #FUZZ#" -w user_agents.txt --hl 4

Download matching files with error code 200:

$ urlfuzz http://localhost/file-#FUZZ#.exe -b 1:3:0123456789 --hc 200 -o samples/

Fuzz a user-id with range option:

$ urlfuzz http://localhost/user.php?id=#FUZZ# -r 1:1000 --hc 200 --st Admin

Export results to a CSV file:

$ urlfuzz http://localhost/#FUZZ# -w big.txt -x log
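To make the payload formats, the #FUZZ# tag and the filter switches used in the examples above concrete, here is an added JavaScript example. It is not code from the urlfuzz project: it reimplements the three payload generators (-w, -b min:max:charset, -r start:end[:step]), substitutes the tag into the fuzzable items (url, headers, post_data) and applies --hc/--hw/--hl/--ht/--st to a constructed table of responses instead of a live server. All function names are assumptions, and so is the filter semantics (--hc/--hw/--hl are read as "keep only matching" lists, following the README's --hc 200 examples).

```javascript
// Added example (not urlfuzz project code): a pure-function reimplementation
// of the README's three payload formats, the #FUZZ# substitution across the
// fuzzable items (url, headers, post_data) and the response filters. All
// names below are assumptions chosen for illustration. Responses come from a
// constructed lookup table, so nothing is sent over the network.

const FUZZ_TAG = '#FUZZ#';

// -w <file>: one payload per non-empty line of the wordlist text.
function* wordlistPayloads(text) {
  for (const line of text.split(/\r?\n/)) if (line.length > 0) yield line;
}

// -b min:max:charset: every string over charset with length min..max,
// enumerated as an odometer over charset indices (no recursion, no big arrays).
function* bruteforcePayloads(spec) {
  const [min, max, charset] = spec.split(':');
  const lo = Number(min);
  const hi = Number(max);
  if (!charset || !(lo >= 1) || !(hi >= lo)) throw new Error(`bad bruteforce spec: ${spec}`);
  for (let len = lo; len <= hi; len += 1) {
    const idx = new Array(len).fill(0);
    for (;;) {
      yield idx.map((i) => charset[i]).join('');
      let pos = len - 1;
      while (pos >= 0 && (idx[pos] += 1) === charset.length) { idx[pos] = 0; pos -= 1; }
      if (pos < 0) break; // every position wrapped: this length is exhausted
    }
  }
}

// -r start:end[:step]: integer payloads from start to end inclusive.
function* rangePayloads(spec) {
  const [start, end, step = '1'] = spec.split(':');
  const [s, e, st] = [start, end, step].map(Number);
  if (![s, e, st].every(Number.isInteger) || st <= 0) throw new Error(`bad range spec: ${spec}`);
  for (let i = s; i <= e; i += st) yield String(i);
}

// Replace every #FUZZ# tag in the URL, the header values and the POST data.
function buildRequest(template, payload) {
  const sub = (str) => str.split(FUZZ_TAG).join(payload);
  const headers = {};
  for (const [name, value] of Object.entries(template.headers || {})) headers[name] = sub(value);
  return { url: sub(template.url), headers, data: template.data === undefined ? undefined : sub(template.data) };
}

// Response metrics used by --hw and --hl.
function countWords(body) { return body.split(/\s+/).filter(Boolean).length; }
function countLines(body) {
  const parts = body.split(/\r?\n/);
  if (parts[parts.length - 1] === '') parts.pop(); // a trailing newline does not start a new line
  return parts.length;
}

const parseNumList = (arg) => (arg ? arg.split(',').map((x) => Number(x.trim())) : null);

// Filter semantics assumed from the README examples: --hc/--hw/--hl keep only
// responses whose code/word count/line count is in the list, --ht hides
// responses containing a string, --st keeps only responses containing one.
function makeFilter(opts) {
  const hc = parseNumList(opts.hc);
  const hw = parseNumList(opts.hw);
  const hl = parseNumList(opts.hl);
  return (res) => {
    if (hc && !hc.includes(res.statusCode)) return false;
    if (hw && !hw.includes(countWords(res.body))) return false;
    if (hl && !hl.includes(countLines(res.body))) return false;
    if (opts.ht && res.body.includes(opts.ht)) return false;
    if (opts.st && !res.body.includes(opts.st)) return false;
    return true;
  };
}

// Constructed sample responses standing in for a local test server.
const SAMPLE_RESPONSES = {
  admin: { statusCode: 200, body: 'Welcome Admin\nDashboard\n' },
  guest: { statusCode: 200, body: 'Welcome guest\nAccess denied\n' },
  nobody: { statusCode: 404, body: 'Not found\n' },
};

// Drive a payload generator through the template and keep the responses
// that survive the filter, as the CLI would print them.
function runFuzz(template, payloads, opts) {
  const keep = makeFilter(opts);
  const hits = [];
  for (const payload of payloads) {
    const req = buildRequest(template, payload);
    const res = SAMPLE_RESPONSES[payload] || { statusCode: 404, body: 'Not found\n' };
    if (keep(res)) hits.push({ payload, url: req.url, statusCode: res.statusCode });
  }
  return hits;
}

// Mirrors "urlfuzz http://localhost/user.php?id=#FUZZ# -w list.txt --hc 200 --st Admin".
const WORDLIST = 'admin\nguest\nnobody\n'; // constructed wordlist
const template = { url: 'http://localhost/user.php?id=#FUZZ#', headers: { 'User-agent': 'urlfuzz-example' } };
console.log(runFuzz(template, wordlistPayloads(WORDLIST), { hc: '200', st: 'Admin' }));
```

The generators are lazy, which is why the -b 1:3:0123456789 example from the README (1110 candidates) costs no memory up front; a real run would hand each payload to a request function bounded by --max-sockets rather than collecting them into an array. The filter is a predicate over the response only, so the same function serves every fuzzable item.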

THANKS

💀 Thanks to mandingo & cgvwzq for the ideas during the development of the tool.

AUTHORS

🐧

DEVELOPER GUIDE

😎 If you'd like to help, please follow these steps:

  • Get a copy of the code and install the dependencies:
    git clone https://github.com/danigargu/urlfuzz
    cd urlfuzz
    npm i
  • Make your changes.
  • Be sure the tests keep passing:
    npm tst
  • Finally, make a GitHub pull request. Commit message rules:
    • It should consist of a one-line subject, followed by one line of white space, followed by one or more descriptive paragraphs, each separated by one line of white space. All of them end with a dot.
    • If it fixes an issue, it should include a reference to the issue ID in the first line of the commit.
    • It should provide enough information for a reviewer to understand the changes and their relation to the rest of the code.

Debug

We use the debug module by visionmedia (the npm package "debug"), so you have to set this environment variable:

DEBUG=urlfuzz* urlfuzz ...

Conventions

  • We use ESLint and the Airbnb style guide.
  • Please run the following to be sure your code fits with it and the tests keep passing:
    npm run pretest