{"id":13639349,"url":"https://github.com/Brum3ns/firefly","last_synced_at":"2025-04-19T22:32:16.731Z","repository":{"id":65804609,"uuid":"600062605","full_name":"Brum3ns/firefly","owner":"Brum3ns","description":"Black box fuzzer for web applications","archived":false,"fork":false,"pushed_at":"2024-07-03T17:28:32.000Z","size":1674,"stargazers_count":385,"open_issues_count":1,"forks_count":32,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-08-03T01:14:29.082Z","etag":null,"topics":["black-box-testing","blackbox","bugbounty","fuzz","fuzzer","fuzzing","penetration-testing","pentesting","security-tools","web-security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Brum3ns.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-10T13:56:11.000Z","updated_at":"2024-07-22T11:13:17.000Z","dependencies_parsed_at":"2023-12-16T21:26:36.466Z","dependency_job_id":"2980d15a-41ea-431e-8e38-74c2e32b0c78","html_url":"https://github.com/Brum3ns/firefly","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brum3ns%2Ffirefly","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brum3ns%2Ffirefly/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brum3ns%2Ffirefly/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brum3ns%2Ffirefly/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Brum3ns","download_url":"https://codeload.github.com/Brum3ns/firefly/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223810372,"owners_count":17206752,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["black-box-testing","blackbox","bugbounty","fuzz","fuzzer","fuzzing","penetration-testing","pentesting","security-tools","web-security"],"created_at":"2024-08-02T01:00:59.801Z","updated_at":"2024-11-09T09:30:51.835Z","avatar_url":"https://github.com/Brum3ns.png","language":"Go","funding_links":[],"categories":["Web安全","Go"],"sub_categories":[],"readme":"\n\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"assets/fireflyLogo.png\" alt=\"firefly\" width=\"220px\"\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n \n\u003cp align=\"center\"\u003e\u0026lt/\n  \u003ca href=\"#advantages\"\u003eAdvantages\u003c/a\u003e |\n  \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e |\n  \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e |\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e |\n  \u003ca href=\"#community\"\u003eCommunity\u003c/a\u003e \u0026gt\n\u003c/p\u003e\n\nFirefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target.\n\n# Advantages\n- [x] Hevy use of gorutines and internal hardware for great preformance\n- [x] Built-in engine that handles each task for \"x\" response results inductively\n- [x] Highly cusomized to handle more complex fuzzing\n- [x] Filter options and request verifications to avoid junk results\n- [x] Friendly error and debug output\n- [x] Build in payloads (default list are mixed with the wordlist from [seclists](https://github.com/danielmiessler/SecLists))\n- [x] Payload tampering and encoding functionality\n\n# Features\n\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"assets/fireflyOptions.png\" alt=\"fireflyOptions\" width=\"100%\"\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n# Installation\n\n```\ngo install -v github.com/Brum3ns/firefly/cmd/firefly@latest\n```\nor\n```\ngo get -v github.com/Brum3ns/firefly/cmd/firefly\n```\n\n\u003c!--\nIf the above install method do not work try the following:\n```\ngit clone https://github.com/Brum3ns/firefly.git\ncd firefly/\ngo build cmd/firefly/firefly.go\n./firefly -h\n```\n--\u003e\n\n\n# Usage\n\n### Simple\n\n```bash\nfirefly -h\n```\n\n```bash\nfirefly -u 'http://example.com/?query=FUZZ'\n```\n\n---\n\n## Advanced usage\n\n### Request\nDifferent types of request input that can be used\n\nBasic\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' --timeout 7000\n```\n\nRequest with different methods and protocols\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -m GET,POST,PUT -p https,http,ws\n```\n\n#### Pipeline\n```bash\necho 'http://example.com/?query=FUZZ' | firefly \n```\n\n#### HTTP Raw\n```bash\nfirefly -r '\nGET /?query=FUZZ HTTP/1.1\nHost: example.com\nUser-Agent: FireFly'\n```\n\nThis will send the HTTP Raw  and auto detect all GET and/or POST parameters to fuzz.\n```bash\nfirefly -r '\nPOST /?A=1 HTTP/1.1\nHost: example.com\nUser-Agent: Firefly\nX-Host: FUZZ\n\nB=2\u0026C=3' -au replace\n```\n\n### Request Verifier\nRequest verifier is the most important part. This feature let Firefly know the core behavior of the target your fuzz. It's important to do quality over quantity. More verfiy requests will lead to better quality at the cost of internal hardware preformance (*depending on your hardware*)\n\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -e \n```\n\n### Payloads\nPayload can be highly customized and with a good core wordlist it's possible to be able to fully adapt the payload wordlist within Firefly itself.\n\n#### Payload debug\n\u003e Display the format of all payloads and exit\n```bash\nfirefly -show-payload\n```\n\n#### Tampers \n\u003e List of all Tampers avalible\n```bash\nfirefly -list-tamper\n```\n\nTamper all paylodas with given type (*More than one can be used separated by comma*)\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -e s2c\n```\n\n#### Encode\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -e hex\n```\nHex then URL encode all payloads\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -e hex,url\n```\n\n#### Payload regex replace\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -pr '\\([0-9]+=[0-9]+\\) =\u003e (13=(37-24))'\n```\n\u003eThe Payloads: `' or (1=1)-- -` and `\" or(20=20)or \"` \n\u003e Will result in: `' or (13=(37-24))-- -`  and `\" or(13=(37-24))or \"`\n\u003e Where the ` =\u003e ` (with spaces) inducate the \"*replace to*\".\n\n\n### Filters\n\u003e Filter options to filter/match requests that include a given rule.\n\nFilter response to **ignore** (filter) `status code 302` and `line count 0`\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -fc 302 -fl 0\n```\n\nFilter responses to **include** (match) `regex`, and `status code 200`\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -mr '[Ee]rror (at|on) line \\d' -mc 200\n```\n\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -mr 'MySQL' -mc 200\n```\n\n\n### Preformance\n\u003e Preformance and time delays to use for the request process\n\nThreads / Concurrency \n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -t 35\n```\n\nTime Delay in millisecounds (ms) for each Concurrency\n```bash\nFireFly -u 'http://example.com/?query=FUZZ' -t 35 -dl 2000\n```\n\n### Wordlists\n\u003e Wordlist that contains the paylaods can be added separatly or extracted from a given folder\n\nSingle Wordlist with its attack type\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -w wordlist.txt:fuzz\n```\n\nExtract all wordlists inside a folder. Attack type is depended on the suffix `\u003ctype\u003e_wordlist.txt`\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -w wl/\n```\nExample\n\u003e Wordlists names inside folder `wl` :\n\u003e 1. fuzz_wordlist.txt\n\u003e 2. time_wordlist.txt\n\n\n### Output\n\u003e JSON output is **strongly recommended**. This is because you can benefit from the `jq` tool to navigate throw the result and compare it.\n\n(*If Firefly is pipeline chained with other tools, standard plaintext may be a better choice.*)\n\nSimple plaintext output format\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -o file.txt\n```\n\nJSON output format (*recommended*)\n```bash\nfirefly -u 'http://example.com/?query=FUZZ' -oJ file.json\n```\n\n# Community\n\nEveryone in the community are allowed to suggest new features, improvements and/or add new payloads to Firefly just make a pull request or add a comment with your suggestions!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBrum3ns%2Ffirefly","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FBrum3ns%2Ffirefly","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBrum3ns%2Ffirefly/lists"}