fuzzer

command module

v0.0.0-...-ba5b1b0 Latest Latest Go to latest Published: Feb 14, 2023 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dpanic/fuzzer

README ¶

README

Micro Web Fuzzer written in Go Lang.

Features:

Multi threaded ✅
Filters:
- http codes ✅
- words ✅
- lines ✅
- size of body ✅
Graceful shutdown ✅
Reuse HTTP connection, don't create every request new TCP connection ✅
Shuts down after maximum worktime ✅
Limit requests per second ✅
Low memory footprint ✅
Save output in JSONL ✅
Maximum runtime, stop after reached ✅
Route through HTTP forwarding proxy ✅
Stream Events through buffered channel:
- progress (it / total) ✅
- throughput (reqs / sec) ✅
- errors ✅
Set custom zap Logger ✅
Set custom pre request URL and Proxy URL transfrom ✅
Set custom user agent ✅
Pseudo random user agent, appends suffix to user agent ✅

Priority Todo:

Obey 429 respones [ % ]

Todo:

Custom HTTP headers [ % ]
Set custom DNS resolver [ % ]
Slow down if being blocked [ % ]
Random wait between requests [ % ]

Use:

Command line:

go run main.go \
    -maxReqSec 17 \
    -maxTime 120 \
    -w wordlists/big.txt \
    -u https://google.com/FUZZ \
    -fc 403,404 \
    -ua "custom user agent" \
    -prua true \
    -maxTime 120 \
    -o tmp/test.json \
    -X GET

As a lib:

f, err := fuzzer.New(&fuzzer.Config{
        URL:       *url,
        Method:    *method,
        ProxyURL:  *proxyURL,
        OutFile:   *outFile,
        WordList:  *wordList,
        MaxTime:   time.Duration(*maxTime) * time.Second,
        UserAgent:             *userAgent,
        PseudoRandomUserAgent: *pseudoRandomUserAgent,
        MaxReqSec: *maxReqSec,
        Filters: fuzzer.Filters{
            StatusCodes: fuzzer.GetUniqueNumbers(*filterCodes, ","),
            Words:       fuzzer.GetUniqueNumbers(*filterWords, ","),
            Lines:       fuzzer.GetUniqueNumbers(*filterLines, ","),
            Size:        fuzzer.GetUniqueNumbers(*filterSize, ","),
        },
    })

if err != nil {
    flag.PrintDefaults()
    os.Exit(1)
}

go f.Start()

signalChannel := make(chan os.Signal, 1)
signal.Notify(signalChannel,
    syscall.SIGHUP,
    syscall.SIGINT,
    syscall.SIGTERM,
    syscall.SIGQUIT,
)

exitChannel := make(chan string)
go func() {
    for {
        s := <-signalChannel
        logger.Log.Warn(fmt.Sprintf("received signal %s", s.String()))

        switch s {
        case syscall.SIGHUP:
        case syscall.SIGINT:
            exitChannel <- "SIGINT"
            return
        case syscall.SIGTERM:
            exitChannel <- "SIGTERM"
            return
        case syscall.SIGQUIT:
            exitChannel <- "SIGQUIT"
            return
        }
    }
}()

<-exitChannel
f.Stop()

Custom Proxy URL transform

f.PreExecuteRequestTransform = func (jobURL *string, proxyURL *string, headers *http.Header) {
	(*headers)["Target"] = []string{
		*jobURL,
	}

	*jobURL = *proxyURL
}

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
src
fuzzer
logger
request

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL