urlfuzz v0.0.0

URLFUZZ

:bomb: Yep, this is another web fuzzer, but using the power of async/non-blocking I/O functions provided by NodeJS allowing you to perform VERY FAST web requests.

FEATURES

Fuzzeable items

• URL
• POST data
• HTTP headers

Filters

You may filter the responses by:

• Error codes
• Nº Words
• Nº Lines
• Text

Payloads

• Wordlist
• Bruteforce
• Range

INSTALL

:coffee: Simply install the last node Node.js version and then:

npm i -g urlfuzz

Kali GNU/Linux

curl -sL https://raw.githubusercontent.com/danigargu/urlfuzz/master/artifacts/install/kali.sh | sudo bash -

FROM THE REPO

git clone https://github.com/danigargu/urlfuzz
cd urlfuzz
npm i
node bin

USAGE

:rocket: To get a list of all options and switches use:

Usage: urlfuzz <URL> [OPTIONS]

  -H, --headers=ARG+     set headers
  -h, --head             use HEAD instead of GET
  -d, --data=ARG         POST data (format: foo1=bar1&foo2=bar2)
  -w, --wordlist=ARG     use a wordlist
  -l, --lists            show available wordlists
  -b, --bruteforce=ARG   perform bruteforce (format -> min:max:charset)
  -r, --range=ARG        fuzz with range (format -> start:end[:step])
  -o, --download=ARG     download results that matches (output dir)
  -x, --results=ARG      exports results to file (format: csv)
  -p, --proxy=ARG        use proxy (http://host:port)
  -s, --socks=ARG        use socks (host:port)
      --hc=ARG           filter by error codes (comma separated)
      --hw=ARG           filter by words (comma separated)
      --hl=ARG           filter by lines (comma separated)
      --ht=ARG           hide responses that matches str
      --st=ARG           show responses that matches str
      --max-sockets=ARG  max sockets (default: 150)
      --timeout=ARG      timeout (default: X ms)
      --debug            debug mode
  -h, --help             display this help

Fuzzezable items: [url, headers, post_data]
Fuzz tag: #FUZZ#

EXAMPLES

Fuzz using a wordlist:

$ urlfuzz http://localhost/#FUZZ# -w big.txt

Fuzz POST data using wordlist and filter by text:

$ urlfuzz http://localhost/login.php -d "user=admin&pass=#FUZZ#" -w big.txt --ht denied

Fuzz 'User-agent' header and filter by lines:

$ urlfuzz http://localhost/exploit_kit.php -H "User-agent: #FUZZ#" -w user_agents.txt --hl 4

Download matching files with error code 200:

$ urlfuzz http://localhost/file-#FUZZ#.exe -b 1:3:0123456789 --hc 200 -d samples/

Fuzz a user-id with range option:

$ urlfuzz http://localhost/user.php?id=#FUZZ# -r 1:1000 --hc 200 --st Admin

Export results to a CSV file:

$ urlfuzz http://localhost/#FUZZ# -w big.txt -x log

THANKS

:skull: Thanks to mandingo & cgvwzq for the ideas during the development of the tool.

AUTHORS

:penguin:

• Daniel García <@danigargu>
• Contributors

DEVELOPER GUIDE

:sunglasses: If you'd like to help please follow this steps:

• Get a copy of the code and install the dependencies.

git clone https://github.com/danigargu/urlfuzz
cd urlfuzz
npm i

• Make your changes.
• Be sure the tests keep passing:

npm tst

• Finally, make a GitHub pull request. Commit messages rules:
  • It should be formed by a one-line subject, followed by one line of white space. Followed by one or more descriptive paragraphs, each separated by one line of white space. All of them finished by a dot.
  • If it fixes an issue, it should include a reference to the issue ID in the first line of the commit.
  • It should provide enough information for a reviewer to understand the changes and their relation to the rest of the code.

Debug

We use the visionmedia module, so you have to use this environment variable:

DEBUG=urlfuzz* urlfuzz ...

Conventions

• We use ESLint and Airbnb style guide.
• Please run to be sure your code fits with it and the tests keep passing:

npm run pretest