ToxFuzz is a basic API fuzzer written in Python using standard libraries. It's designed to help you identify potential vulnerabilities in your web APIs by sending various input payloads and observing the behavior of the API in response. This tool is lightweight and easy to use, making it a valuable addition to your security testing toolkit. It may also be used for bug bounty purposes, but I take no responsibility for any unauthorized access the use of this tool may warrant.
- Send a variety of payloads to your API endpoint.
- Observe the API's response for potential vulnerabilities.
- Built with standard Python libraries for easy setup and usage.
Follow these simple steps to get ToxFuzz up and running:
- Python 3.x is installed on your system with standard libaries (requests & sys).
-
Clone the repository to your local machine:
git clone https://github.com/pwnedbytoxic/toxfuzz.git
-
cdinto the directory:cd toxfuzz -
Run the program with the following syntax:
cat medium.txt | python3 toxfuzz.py
- You must change
https://example.com/api/into your own api
- Toxfuzz will start sending the payloads to the specified API endpoint and display the responses.
Happy hacking!!!