{"id":13576642,"url":"https://github.com/codesoap/pfuzz","last_synced_at":"2025-04-05T08:32:37.845Z","repository":{"id":212540238,"uuid":"731747810","full_name":"codesoap/pfuzz","owner":"codesoap","description":"a web fuzzer using the httpipe format","archived":false,"fork":false,"pushed_at":"2024-03-29T09:05:29.000Z","size":13,"stargazers_count":99,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-08-02T15:31:03.166Z","etag":null,"topics":["httpipe"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codesoap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-12-14T19:32:55.000Z","updated_at":"2024-03-29T03:00:38.000Z","dependencies_parsed_at":"2023-12-21T09:27:11.629Z","dependency_job_id":"50e22689-0df2-48ed-beed-97ea73585169","html_url":"https://github.com/codesoap/pfuzz","commit_stats":null,"previous_names":["codesoap/pfuzz"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codesoap%2Fpfuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codesoap%2Fpfuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codesoap%2Fpfuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codesoap%2Fpfuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codesoap","download_url":"https://codeload.github.com/codesoap/pfuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223176492,"owners_count":17100640,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["httpipe"],"created_at":"2024-08-01T15:01:12.348Z","updated_at":"2024-11-05T13:30:45.643Z","avatar_url":"https://github.com/codesoap.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"pfuzz is a web fuzzer inspired by [ffuf](https://github.com/ffuf/ffuf),\nwhich outputs the generated requests to stdout in the [httpipe\nformat](https://github.com/codesoap/httpipe) instead of sending them.\n\n# Examples\n```console\n$ # Fuzzing paths with a wordlist:\n$ pfuzz -w /path/to/wordlist -u https://foo.io:1234/FUZZ\n{\"host\":\"foo.io\",\"port\":\"1234\",\"req\":\"GET /api HTTP/1.1\\r\\nHost: foo.io:1234\\r\\n\\r\\n\",\"tls\":true}\n{\"host\":\"foo.io\",\"port\":\"1234\",\"req\":\"GET /login HTTP/1.1\\r\\nHost: foo.io:1234\\r\\n\\r\\n\",\"tls\":true}\n{\"host\":\"foo.io\",\"port\":\"1234\",\"req\":\"GET /home HTTP/1.1\\r\\nHost: foo.io:1234\\r\\n\\r\\n\",\"tls\":true}\n...\n\n$ # Using words from stdin to fuzz the Authorization header:\n$ generate-tokens | pfuzz -w - -u http://foo.io -H 'Authorization: Bearer FUZZ'\n{\"host\":\"foo.io\",\"req\":\"GET / HTTP/1.1\\r\\nHost: foo.io\\r\\nAuthorization: Bearer abc123\\r\\n\\r\\n\",\"tls\":false}\n{\"host\":\"foo.io\",\"req\":\"GET / HTTP/1.1\\r\\nHost: foo.io\\r\\nAuthorization: Bearer xyz1337\\r\\n\\r\\n\",\"tls\":false}\n...\n\n$ # Using multiple wordlists to fuzz paths across multiple subdomains:\n$ pfuzz -w /path/to/subdomains:SUB -w /path/to/paths:PATH -u http://SUB.foo.io/PATH\n{\"host\":\"doc.foo.io\",\"req\":\"GET /api HTTP/1.1\\r\\nHost: doc.foo.io\\r\\n\\r\\n\",\"tls\":false}\n{\"host\":\"doc.foo.io\",\"req\":\"GET /login HTTP/1.1\\r\\nHost: doc.foo.io\\r\\n\\r\\n\",\"tls\":false}\n{\"host\":\"doc.foo.io\",\"req\":\"GET /home HTTP/1.1\\r\\nHost: doc.foo.io\\r\\n\\r\\n\",\"tls\":false}\n{\"host\":\"forum.foo.io\",\"req\":\"GET /api HTTP/1.1\\r\\nHost: forum.foo.io\\r\\n\\r\\n\",\"tls\":false}\n...\n```\n\n# Installation\nYou can download precompiled binaries from the [releases\npage](https://github.com/codesoap/pfuzz/releases) or install it with\n`go install github.com/codesoap/pfuzz@latest`.\n\n# Usage\n```console\n$ pfuzz -h\nUsage of pfuzz:\n  -H value\n        An HTTP header to use, e.g. 'Content-Type: application/json'.\n  -X string\n        The HTTP method to use. (default \"GET\")\n  -d string\n        Payload data as given, without any encoding.\n        Mostly used for POST requests.\n  -u string\n        The URL of the target.\n  -w value\n        The path to a wordlist, and optionally a colon followed\n        by a custom placeholder, e.g. '/path/to/username/list:USER'.\n\nZero, one or more wordlists can be provided. If no custom placeholder\nis given, FUZZ is used instead; if multiple wordlists have no custom\nplaceholder, FUZZ2, FUZZ3, etc. will be assigned. If multiple wordlists\nare used, all permutations will be generated.\n\nOne wordlist can use '-' instead of a path. It's words will be read from\nstandard input.\n\nIf no wordlist is used, only one request will be generated.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodesoap%2Fpfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodesoap%2Fpfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodesoap%2Fpfuzz/lists"}