https://github.com/adriank31/http-fuzzer

Script uses the requests library to send different types of HTTP requests and headers to a specified target URL
https://github.com/adriank31/http-fuzzer

http http-fuzzer url web web-exploits

Last synced: 4 months ago
JSON representation

Script uses the requests library to send different types of HTTP requests and headers to a specified target URL

• Host: GitHub
• URL: https://github.com/adriank31/http-fuzzer
• Owner: adriank31
• Created: 2024-08-04T05:13:39.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-11-20T22:23:40.000Z (over 1 year ago)
• Last Synced: 2025-02-28T17:46:51.160Z (about 1 year ago)
• Topics: http, http-fuzzer, url, web, web-exploits
• Language: Python
• Homepage:
• Size: 14.6 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          


  

    

  


# What is an HTTP-Fuzzer

An HTTP-Fuzzer is a cybersecurity tool used for testing the robustness of web applications by sending a variety of crafted HTTP requests to identify vulnerabilities. This tool simulates malicious user behavior, such as SQL injection, to discover flaws in input validation, authentication, and other application layers. By automating the process of injecting payloads and testing responses, it enhances the security assessment process, helping security professionals pinpoint weaknesses and improve the resilience of web applications against attacks.

# Key Features

- Matrix-style aesthetic with dynamic green console output.

- Multi-threaded design for efficient and fast scanning of multiple URLs.

- Support for custom SQL injection payloads from an external file.

- Support for custom HTTP headers to tailor requests.

- Detects multiple SQL injection types, including time-based, Boolean-based, and error-based.

- Seamless integration with pipeline input for scanning large URL lists.

- Real-time detection logs with detailed information on vulnerabilities.

# Installation Using Git

To install and set up the HTTP-Fuzzer:

- Clone the repository:

  ![image](https://github.com/user-attachments/assets/e6cd26e9-561b-4645-b8d0-9796a72e68ba)

  

- Install the Dependencies:

  ![image](https://github.com/user-attachments/assets/cb7496e6-6f14-49f7-bd98-26c20808d98a)

  

- Make the Script Executable:

  ![image](https://github.com/user-attachments/assets/14bae775-d4b2-4296-8b47-29ff1ee11e3e)

# Usage

This will display help for the tool. Here are all the options it supports.

![image](https://github.com/user-attachments/assets/68e32234-0c03-499f-a387-a89ee5cf3d68)

# Running SQLMAST

 - Single URL Scan:

   ![image](https://github.com/user-attachments/assets/55685daf-1b07-499c-9955-0364e954427e)

 - Pipeline Input for Multiple URLs:

   ![image](https://github.com/user-attachments/assets/a6f1ecf9-c37a-479a-9ca9-1afa4a34a852)

 - Custom Payload File:

   ![image](https://github.com/user-attachments/assets/786c0556-cd9d-4aeb-96db-2cf58b670dba)

 - Custom Headers File:

   ![image](https://github.com/user-attachments/assets/a4a76939-a683-4c2b-9df3-be54cd9eb73c)

 - Adjust Thread Count:

   ![image](https://github.com/user-attachments/assets/acad5b31-a0f9-4d58-9a8b-f77e0cbf5aa1)

# Legal Disclaimer 

Usage of this tool for attacking targets without prior mutual consent is strictly prohibited. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.