{"id":17093131,"url":"https://github.com/souvikinator/gofuzz","last_synced_at":"2025-04-12T22:45:06.968Z","repository":{"id":46544271,"uuid":"348920799","full_name":"souvikinator/gofuzz","owner":"souvikinator","description":"Fast as Flash Web URL Fuzzing tool written in golang.","archived":false,"fork":false,"pushed_at":"2021-10-26T18:04:48.000Z","size":313,"stargazers_count":37,"open_issues_count":4,"forks_count":10,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-12T22:45:00.423Z","etag":null,"topics":["fuzzer","gofuzz","golang","hacktober","hacktoberfest","hacktoberfest-accepted","hacktoberfest2021","web"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/souvikinator.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-03-18T02:51:22.000Z","updated_at":"2024-10-28T02:36:02.000Z","dependencies_parsed_at":"2022-08-31T16:32:01.765Z","dependency_job_id":null,"html_url":"https://github.com/souvikinator/gofuzz","commit_stats":null,"previous_names":["darthcucumber/gofuzz"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikinator%2Fgofuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikinator%2Fgofuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikinator%2Fgofuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikinator%2Fgofuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/souvikinator","download_url":"https://codeload.github.com/souvikinator/gofuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248643047,"owners_count":21138353,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzer","gofuzz","golang","hacktober","hacktoberfest","hacktoberfest-accepted","hacktoberfest2021","web"],"created_at":"2024-10-14T14:04:51.593Z","updated_at":"2025-04-12T22:45:06.940Z","avatar_url":"https://github.com/souvikinator.png","language":"Go","readme":"[![fuzz-removebg-preview.png](https://i.postimg.cc/VsxCTCxS/fuzz-removebg-preview.png)](https://postimg.cc/rz9sRKFc)\n\n\u003chr /\u003e\n\n## What is it?\n\nGOFUZZ is fast web fuzzer which takes in URL as input and test the URL for diffrent set of inputs provided by the user.\nCurrently in Beta phase (now that sounds professional xD)\n\n![gofuzz in action](https://i.imgur.com/orlvQJX.gif)\n\n**results**:\n\n![gofuzz result](https://i.imgur.com/BDuFc09.png)\n\nah! so we have some forbidden directories ;)\n\nOutput is exported to a file and not displayed on the screen to avoid bloating and filling screen with output.\n\n## TODO\n\n- [x] Add Output file feature where output can be stored in specified file\n- [X] Add export type TXT \n- [x] Add export type JSON\n- [x] Add exclude option which lets user exclude specific response status codes from the results\n- [x] Add percentage/progress feature\n- [x] Add timeout feature when one URL is not responding for a specific time\n- [x] Add GET method feature  \n- [ ] Add redirection URL to the results\n- [ ] Make a rate limiter\n- [ ] Add export type CSV\n- [ ] Add Permuation feature\n- [ ] Add POST method feature.\n\nand a lot more... \n\nWill add as we go along\n\n## Features\n\n### -u (URL)\n\nTarget URL has to be provided using `-u` option like so:\n\n```bash\ngofuzz -u \"http://targeturl.com/targetpath?q1=\u003c@\u003e\u0026q2=\u003c@\u003e\"\n```\n**What is `\u003c@\u003e` ?**\n\n`\u003c@\u003e` is placeholder where the test cases will be placed while fuzzing. We'll see how it works on the way. You can place multiple placeholders in the target URL\n\n### \n\n### -n (numeric)\n\nNumeric values can be passed using `-n` option like so:\n\n- `-n 100` : tests from 0 to 100\n- `-n 10,200` : tests from 10 to 200\n- `-n 10,11,20,50` : tests for 10,11,20,50 only\n\n```bash\ngofuzz -u \"httpL//targeturl.com/targetpath?q1=\u003c@\u003e\u0026q2=\u003c@\u003e\" -n 100\n```\nabove tests URL for `2000-3000` replacing placeholders(`\u003c@\u003e`) with numbers. Here is an gif showing example:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://i.imgur.com/VFO6Z34.gif\" /\u003e\n\u003c/p\u003e\n\nand here we have the results\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://i.imgur.com/LWT064D.png\" /\u003e\n\u003c/p\u003e\n\n\n### -a (ASCII)\n\nSuppose I want to test a URL for vulnerabilites like SQL injection or LDAP injection. Common way to do it is test for `*,\",',=...so on`. Doing it manually is no cool. Provide a range of ASCII values using `-a` option and rest is done by GOFUZZ.\n\n- `-a 65` : tests for `A` only\n- `-a 65,90` : tests from `A` to `Z`\n- `-a 65,66,67,68` : tests for `A,B,C,D` only\n\n\u003cp align=\"center\"\u003e\n   \u003cimg src=\"https://i.imgur.com/FY3eRPh.gif\" /\u003e\n\u003c/p\u003e\n\n**Results:**\n\n\u003cp align=\"center\"\u003e\n   \u003cimg src=\"https://i.imgur.com/2BJnxDW.png\" /\u003e\n\u003c/p\u003e\n\n### -c (characters)\n\nYou can pass list of characters you want to test for, like so\n\n- `-a \"{,},^,%,\u0026,*,#,@,!\"` : tests for `{,},^,%,\u0026,*,#,@,!` only\n\nNOTE: it is preffered to wrap the input around quotes as shows above to prevent any ambiguity with the shell symbols.\n\n\n### -o (output directory)\n\nTakes in output directory where the results will be saved. Default is `./output`.\n\nusage: `gofuzz -u \"http://targeturl/targetpath?tq1=\u003c@\u003e\u0026tq2=\u003c@\u003e\" -f keywords.txt -o ./custom_output_dir`\n\n### -export (result export type)(default:json)\n\nTakes in **txt** or **json** as input.\n\nusage: `gofuzz -u \"http://targeturl/targetpath?tq1=\u003c@\u003e\u0026tq2=\u003c@\u003e\" -f keywords.txt -export txt`\n\n### -exclude (blacklisting status code)\n\nTakes in status codes as input and doesn't includes them in the result. Example can be seen in the very first gif of this readme.\n\n### -t  (timeout)(default:30000)\n\nTakes in time in milliseconds(ms). How long gofuzz will wait if the connection is not responding. Default 30000 ms or 30 s\n\nLet's set timeout to 1 min or 60 sec or 60000 ms\nusage: `gofuzz -u \"http://targeturl/targetpath?tq1=\u003c@\u003e\u0026tq2=\u003c@\u003e\" -f keywords.txt -t 60000`\n\n### -h (shows usage menu)\n\n#### more features to be added...\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsouvikinator%2Fgofuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsouvikinator%2Fgofuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsouvikinator%2Fgofuzz/lists"}