Yet another web fuzzer

Overview

yafuzz

Yet another web fuzzer

Usage

This script can run in two modes of operation.

Supplying a wordlist -W argument will initiate a multithreaded fuzzing session.

Lack of wordlist -W tag will run this script in interactive inline mode.

Use Burp Pro instead if you have one.

Key features:

  • Fuzzer will replace all [INJECT] tags with specified payload (supports url, data, headers, cookies)
  • Multiple HTTP methods will result in separate request for each
  • Request body will not be automatically encoded or formated based on content type
  • A wordlist can be supplied as input through -W or --wordlist argument
  • Strings of interest can be extracted through regex pattern through -E or --extract tag
  • Response details or status codes can be filtered by supplying CRC or code in -B or --ban arguments (supports multiple values)
  • Request headers can be set by through -H or --header tags (supports multiple values)
  • Associated cookies can be configured by supplying -C or --cookie argument (supports multiple values)
  • Request data can be set by through -D or --data tag (requires manual content-type header)
  • Fuzzing speed can be controlled by -S or --speed argument which defines amount of concurent threads
  • Request HTTP methods used in fuzzing can be sent by supplying -M or --method tags (supports multiple values)
  • Keyword used for payload replacement can be modified with -T or --TAG argument
  • Redirect handling can be controlled through -R or --redirect tag
  • HTTP request timeout can be set bu supplying -O or --timeout argument
  • Verbose output, including full response body can be enabled by -V or --verbose tag
  • Proxy for outgoing requests can be configured through -X or --proxy argument

Demo

demo

usage: yafuzz.py [-h] --url URL [--wordlist WORDLIST] [--extract EXTRACT]
                 [--ban BANNED] [--header HEADERS] [--cookie COOKIES]
                 [--data DATA] [--speed SPEED] [--method METHOD] [--tag TAG]
                 [--redirect] [--timeout TIMEOUT] [--verbose] [--proxy PROXY]

Yet another HTTP fuzzer

optional arguments:
  -h, --help            show this help message and exit
  --url URL, -U URL     Target HTTP URL address
  --wordlist WORDLIST, -W WORDLIST
                        Wordlist file path
  --extract EXTRACT, -E EXTRACT
                        RegEx pattern to extract from response
  --ban BANNED, -B BANNED
                        Ban specific crc32 hash or response code from output
  --header HEADERS, -H HEADERS
                        HTTP Headers i.e. "TEST: true"
  --cookie COOKIES, -C COOKIES
                        HTTP Cookies i.e. "TEST=true"
  --data DATA, -D DATA  HTTP request body
  --speed SPEED, -S SPEED
                        Number of threads
  --method METHOD, -M METHOD
                        HTTP method to use
  --tag TAG, -T TAG     Tag to search for and replace
  --redirect, -R        Accept HTTP redirects
  --timeout TIMEOUT, -O TIMEOUT
                        Timeout of the HTTP request
  --verbose, -V         Enable verbose output
  --proxy PROXY, -X PROXY
                        Enable HTTP proxy
Owner
FooBallZ
Marek Cybul
FooBallZ
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

πŸ‘‘ Recon πŸ‘‘ The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022
Multi Brute Force Facebook - Crack Facebook With Login - Free For Now

✭ SAKERA CRACK Made With ❀️ By Denventa, Araya, Dapunta Author: - Denventa - Araya Dev - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Cookies ⇨ Ins

Dapunta ID 26 Jan 01, 2023
Visius Heimdall is a tool that checks for risks on your cloud infrastructure

Heimdall Cloud Checker πŸ‡§πŸ‡· About Visius is a Brazilian cybersecurity startup that follows the signs of the crimson thunder ;) 🎸 ! As we value open s

visius 48 Jun 20, 2022
Threat research and reporting from IronNet's Threat Research Teams

IronNet Threat Research πŸ•΅οΈ Overview This repository contains IronNet's Threat Research. Research & Reporting πŸ“ Project Description Cobalt Strike Res

36 Dec 02, 2022
The Easiest Way To Gallery Hacking

The easiest way to HACK A GALLARY, Get every part of your friends' gallery ( 100% Working ) | Tool By John Kener πŸ‡±πŸ‡°

John Kener 34 Nov 30, 2022
This repository is one of a few malware collections on the GitHub.

This repository is one of a few malware collections on the GitHub.

Andrew 1.7k Dec 28, 2022
A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Zepu1chr3 A Radare2 based Python module for Binary Analysis and Reverse Engineering. Installation You can simply run this command. pip3 install zepu1c

Mehmet Ali KERİMOĞLU 5 Aug 25, 2022
Learning to compose soft prompts for compositional zero-shot learning.

Compositional Soft Prompting (CSP) Compositional soft prompting (CSP), a parameter-efficient learning technique to improve the zero-shot compositional

Bats Research 32 Jan 02, 2023
CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE Analyze Usage ------------------------------------------------------------- [*] CVE-2021-220

r0cky 224 Aug 05, 2022
MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions

MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions (pdf, doc, docx, etc), and downloads them.

Joe Helle 150 Jan 03, 2023
Code to do NF in HDR,HEVC,HPL,MPL

Netflix-DL 6.0 |HDR-HEVC-MPL-HPL NOT Working| ! Buy working netflix cdm from [em

4 Dec 28, 2021
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

Fox-IT 431 Dec 22, 2022
Selamat Datang DiTools Crack-Old, Crack Old Adalah Sebuah Crack Tanpa Login Dan Crack Menggunakan Akun Facebook Tua/Old.

Selamat Datang DiTools Crack-Old, Crack Old Adalah Sebuah Crack Tanpa Login Dan Crack Menggunakan Akun Facebook Tua/Old. ([Welcome to Crack-Old Tools, Old Crack Is A Crack Without Login And Crack Usi

Risky [ Zero Tow ] 7 Dec 25, 2022
An open-source post-exploitation framework for students, researchers and developers.

Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope

dvm 8.1k Dec 31, 2022
Web Headers Security Scanner

Web Headers Security Scanner

Emre Koybasi 3 Dec 16, 2022
These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

Varun Jagtap 5 Oct 08, 2022
Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Take Note! With the exception of issues and PRs regarding changes to hosts/data/StevenBlack/hosts, all other issues regarding the content of the produ

Steven Black 22.1k Jan 02, 2023
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

11 Apr 02, 2022
Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972

Horizon 3 AI Inc 210 Dec 31, 2022
SonicWALL SSL-VPN Web Server Vulnerable Exploit

SonicWALL SSL-VPN Web Server Vulnerable Exploit

44 Nov 15, 2022