{"id":19544843,"url":"https://github.com/ariary/cfuzz","last_synced_at":"2025-10-10T05:16:29.302Z","repository":{"id":43416320,"uuid":"460030986","full_name":"ariary/cfuzz","owner":"ariary","description":" Command line fuzzer and bruteforcer 🌪 wfuzz for command","archived":false,"fork":false,"pushed_at":"2022-09-19T08:06:10.000Z","size":1126,"stargazers_count":85,"open_issues_count":5,"forks_count":9,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-04T17:11:33.027Z","etag":null,"topics":["bruteforce","bruteforcing","cli","fuzzing","hacking","pentest","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ariary.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-16T14:08:57.000Z","updated_at":"2024-11-22T19:00:48.000Z","dependencies_parsed_at":"2023-01-18T14:01:35.862Z","dependency_job_id":null,"html_url":"https://github.com/ariary/cfuzz","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ariary%2Fcfuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ariary%2Fcfuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ariary%2Fcfuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ariary%2Fcfuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ariary","download_url":"https://codeload.github.com/ariary/cfuzz/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github"
,"repositories_count":251041419,"owners_count":21527189,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bruteforce","bruteforcing","cli","fuzzing","hacking","pentest","security"],"created_at":"2024-11-11T03:32:25.818Z","updated_at":"2025-10-10T05:16:29.248Z","avatar_url":"https://github.com/ariary.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cfuzz\n\n\u003cdiv align=center\u003e\n\u003cimg src= https://github.com/ariary/cfuzz/blob/main/img/CF-logo.png width=300\u003e\n\n\u003cbr\u003e\n\n\nThe same thing as [`wfuzz`](https://github.com/xmendez/wfuzz) **but for command line fuzzing. This lets you fuzz any command line execution and filter the results.**\n\u003cbr\u003e*Also a good friend for bruteforcing*\n  \n\u003cstrong\u003e\u003ccode\u003e{ \u003ca href=\"#install\"\u003eInstall it\u003c/a\u003e ; \u003ca href=\"#usage\"\u003eUse it\u003c/a\u003e } \u003c/code\u003e\u003c/strong\u003e\n\n\u003c/div\u003e\n\n**Why?**\u003cbr\u003e\nTo perform fuzzing or bruteforcing we have plenty of awesome tools ([`ffuf`](https://github.com/ffuf/ffuf) and [`wfuzz`](https://github.com/xmendez/wfuzz) for web fuzzing, [`hydra`](https://github.com/vanhauser-thc/thc-hydra) for network bruteforcing, to mention just a few). **`cfuzz`** is a tool that proposes a different approach by taking a step back. 
**The aim is to be able to fuzz/bruteforce anything that can be expressed as a command line**.\n\nConsequently, `cfuzz` can be seen either as an alternative to these tools for simple use cases or as an extension of them, because it handles a huge range of use cases.\n\n\u003csub\u003e*Origins of the idea: when bruteforcing ipmi service to enumerate users. 3 options: use `msfconsole`, write module for `hydra`, manually or programmatically parse `ipmitool` tool output*\u003c/sub\u003e\n\n## Demo\n\u003cdiv align=center\u003e\n\n|user password bruteforcing|\n|:---:| \n|![demo](https://github.com/ariary/cfuzz/blob/main/img/cfuzz-user-demo.gif)|\n\n\u003c/div\u003e\n\n## Install\n\nFrom release:\n```shell\ncurl -lO -L -s https://github.com/ariary/cfuzz/releases/latest/download/cfuzz \u0026\u0026 chmod +x cfuzz\n```\n\nWith Go:\n```shell\ngo install github.com/ariary/cfuzz/cmd/cfuzz@latest\n```\n\n## Usage\n\nIndicate:\n* the command, with the part to fuzz marked by the keyword `FUZZ`\n* the wordlist \n\nand let's get it!\n\n```shell\nexport CFUZZ_CMD=\"printf FUZZ | sudo -S id\" # Example bruteforcing user password, I haven't found better\ncfuzz -w [wordlist] \n```\n\nOr, if you prefer, in one line:\n```shell\n# example for subdomain enum\ncfuzz -w [wordlist] -t 5 ping -c 4 FUZZ.domain.net\n```\n\nAdditionally, it is possible to:\n* **[Filter results](#filter-results)**\n* **[Customize displayed fields](#displayed-field)**\n* **[Configure `cfuzz` run](#cfuzz-run-configuration)**\n\n### Filter results\n\nThe displayed results can be filtered:\n\n**stdout filters:**\n```shell\n  -omin, --stdout-min         filter to only display if stdout characters number is lesser than n\n  -omax, --stdout-max         filter to only display if stdout characters number is greater than n\n  -oeq,  --stdout-equal       filter to only display if stdout characters number is equal to n\n  -ow,   --stdout-word        filter to only display if stdout contains specific word\n```\n\n**stderr 
filters:**\n```shell\n  -emin, --stderr-min         filter to only display if stderr characters number is lesser than n\n  -emax, --stderr-max         filter to only display if stderr characters number is greater than n\n  -eeq,  --stderr-equal       filter to only display if stderr characters number is equal to n\n  -ew,   --stderr-word        filter to only display if stderr contains specific word\n```\n\n**execution time filters:**\n```shell\n  -tmin, --time-min           filter to only display if execution time is shorter than n seconds\n  -tmax, --time-max           filter to only display if execution time is longer than n seconds\n  -teq,  --time-equal         filter to only display if execution time is shorter than n seconds\n```\n\n**command exit code filters:**\n```shell\n  --success                  filter to only display if execution returns a zero exit code\n  --failure                  filter to only display if execution returns a non-zero exit code\n```\n\nTo only display results that don't pass the filter, use the `-H` or `--hide` flag.\n\n### `cfuzz` run configuration\nTo make cfuzz more flexible and adaptable to different constraints, many options are available:\n```shell\n  -w, --wordlist            wordlist used by fuzzer\n  -d, --delay               delay in ms between each thread launching. A thread executes one command. (default: 0)\n  -k, --keyword             keyword used to determine which zone to fuzz (default: FUZZ)\n  -s, --shell               shell to use for execution (default: /bin/bash)\n  -to, --timeout            command execution timeout in s. After reaching it the command is killed. (default: 30)\n  -i, --input               provide command stdin\n  -if, --stdin-fuzzing      fuzz stdin instead of command line\n  -m, --spider              fuzz multiple keyword places. You must provide as many wordlists as keywords. 
Provide them in the order you want them to be applied\n  -sw, --stdin-wordlist     provide wordlist in cfuzz stdin\n```\n\n### Displayed field\n\nIt is also possible to choose which result fields are displayed in `cfuzz` output (several can be used together):\n```shell\n  -oc, --stdout              display stdout number of characters\n  -ec, --stderr              display stderr number of characters\n  -t, --time                 display execution time\n  -c, --code                 display exit code\n  -Hb, --no-banner           do not display banner\n  -r, --only-word            only display words\n  -f, --full-output          display full command execution output (can't be combined with other display modes)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fariary%2Fcfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fariary%2Fcfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fariary%2Fcfuzz/lists"}