Skip to content

codesoap/pfuzz

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
flags.go
flags.go
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

pfuzz is a web fuzzer inspired by ffuf, which outputs the generated requests to stdout in the httpipe format instead of sending them.

Examples

$ # Fuzzing paths with a wordlist: $ pfuzz -w /path/to/wordlist -u https://foo.io:1234/FUZZ {"host":"foo.io","port":"1234","req":"GET /api HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true} {"host":"foo.io","port":"1234","req":"GET /login HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true} {"host":"foo.io","port":"1234","req":"GET /home HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true} ... $ # Using words from stdin to fuzz the Authorization header: $ generate-tokens | pfuzz -w - -u http://foo.io -H 'Authorization: Bearer FUZZ' {"host":"foo.io","req":"GET / HTTP/1.1\r\nHost: foo.io\r\nAuthorization: Bearer abc123\r\n\r\n","tls":false} {"host":"foo.io","req":"GET / HTTP/1.1\r\nHost: foo.io\r\nAuthorization: Bearer xyz1337\r\n\r\n","tls":false} ... $ # Using multiple wordlists to fuzz paths across multiple subdomains: $ pfuzz -w /path/to/subdomains:SUB -w /path/to/paths:PATH -u http://SUB.foo.io/PATH {"host":"doc.foo.io","req":"GET /api HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false} {"host":"doc.foo.io","req":"GET /login HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false} {"host":"doc.foo.io","req":"GET /home HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false} {"host":"forum.foo.io","req":"GET /api HTTP/1.1\r\nHost: forum.foo.io\r\n\r\n","tls":false} ...

Installation

You can download precompiled binaries from the releases page or install it with go install github.com/codesoap/pfuzz@latest.

Usage

$ pfuzz -h Usage of pfuzz:  -H value  An HTTP header to use, e.g. 'Content-Type: application/json'.  -X string  The HTTP method to use. (default "GET")  -d string  Payload data as given, without any encoding.  Mostly used for POST requests.  -u string  The URL of the target.  -w value  The path to a wordlist, and optionally a colon followed  by a custom placeholder, e.g. '/path/to/username/list:USER'. Zero, one or more wordlists can be provided. If no custom placeholder is given, FUZZ is used instead; if multiple wordlists have no custom placeholder, FUZZ2, FUZZ3, etc. will be assigned. If multiple wordlists are used, all permutations will be generated. One wordlist can use '-' instead of a path. It's words will be read from standard input. If no wordlist is used, only one request will be generated.

About

A web fuzzer using the httpipe format

Topics

pentesting fuzzer unix-philosophy httpipe

Resources

Readme

License

MIT license
Activity

Stars

101 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 1

v0.1.0 Latest
Jan 21, 2024

Packages

No packages published

Contributors 2

  •  
  •  

Languages