https://github.com/ariary/cfuzz
Command line fuzzer and bruteforcer 🌪 wfuzz for command
- Host: GitHub
- URL: https://github.com/ariary/cfuzz
- Owner: ariary
- License: unlicense
- Created: 2022-02-16T14:08:57.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-09-19T08:06:10.000Z (over 2 years ago)
- Last Synced: 2024-07-30T18:35:08.035Z (5 months ago)
- Topics: bruteforce, bruteforcing, cli, fuzzing, hacking, pentest, security
- Language: Go
- Homepage:
- Size: 1.07 MB
- Stars: 85
- Watchers: 2
- Forks: 9
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# cfuzz
The same thing as [`wfuzz`](https://github.com/xmendez/wfuzz) **but for command line fuzzing. It lets you fuzz any command line execution and filter the results.**
*Also a good friend for bruteforcing*
**Why?**
To perform fuzzing or bruteforcing we have plenty of awesome tools ([`ffuf`](https://github.com/ffuf/ffuf) and [`wfuzz`](https://github.com/xmendez/wfuzz) for web fuzzing, [`hydra`](https://github.com/vanhauser-thc/thc-hydra) for network bruteforcing, to mention just a few). **`cfuzz`** is a tool that proposes a different approach by taking a step back. **The aim is to be able to fuzz/bruteforce anything that can be transcribed into a command line**. Consequently, `cfuzz` can be seen either as an alternative to these tools for simple use cases or as an extension, because it handles a huge range of use cases.
*Origins of the idea: when bruteforcing ipmi service to enumerate users. 3 options: use `msfconsole`, write a module for `hydra`, manually or programmatically parse `ipmitool` tool output*
## Demo
|user password bruteforcing|
|:---:|
|![demo](https://github.com/ariary/cfuzz/blob/main/img/cfuzz-user-demo.gif)|

## Install
From release:
```shell
curl -lO -L -s https://github.com/ariary/cfuzz/releases/latest/download/cfuzz && chmod +x cfuzz
```

With go:
```shell
go install github.com/ariary/cfuzz/cmd/cfuzz@latest
```

## Usage
Indicate:
* the command, with the fuzzing part determined with the keyword `FUZZ`
* the wordlist

and let's get it!
```shell
export CFUZZ_CMD="printf FUZZ | sudo -S id" # Example bruteforcing user password, I haven't found better
cfuzz -w [wordlist]
```

Or if you prefer in one line:
```shell
# example for subdomain enum
cfuzz -w [wordlist] -t 5 ping -c 4 FUZZ.domain.net
```

Additionally, it is possible to:
* **[Filter results](#filter-results)**
* **[Custom displayed field](#displayed-field)**
* **[Configure `cfuzz` run](#cfuzz-run-configuration)**

### Filter results
Additionally, it is possible to filter displayed results:
**stdout filters:**
```shell
-omin, --stdout-min filter to only display if stdout characters number is lesser than n
-omax, --stdout-max filter to only display if stdout characters number is greater than n
-oeq, --stdout-equal filter to only display if stdout characters number is equal to n
-ow, --stdout-word filter to only display if stdout contains specific word
```

**stderr filters:**
```shell
-emin, --stderr-min filter to only display if stderr characters number is lesser than n
-emax, --stderr-max filter to only display if stderr characters number is greater than n
-eeq, --stderr-equal filter to only display if stderr characters number is equal to n
-ew, --stderr-word filter to only display if stderr contains specific word
```

**execution time filters:**
```shell
-tmin, --time-min filter to only display if execution time is shorter than n seconds
-tmax, --time-max filter to only display if execution time is longer than n seconds
-teq, --time-equal filter to only display if execution time is shorter than n seconds
```

**command exit code filters:**
```shell
--success filter to only display if execution returns a zero exit code
--failure filter to only display if execution returns a non-zero exit code
```

To only display results that don't pass the filter, use the `-H` or `--hide` flag.
### `cfuzz` run configuration
To make cfuzz more flexible and adapt to different constraints, many options are possible:
```shell
-w, --wordlist wordlist used by fuzzer
-d, --delay delay in ms between each thread launching. A thread executes one command. (default: 0)
-k, --keyword keyword used to determine which zone to fuzz (default: FUZZ)
-s, --shell shell to use for execution (default: /bin/bash)
-to, --timeout command execution timeout in s. After reaching it the command is killed. (default: 30)
-i, --input provide command stdin
-if, --stdin-fuzzing fuzz stdin instead of command line
-m, --spider fuzz multiple keyword places. You must provide as many wordlists as keywords. Provide them in order you want them to be applied
-sw, --stdin-wordlist provide wordlist in cfuzz stdin
```

### Displayed field
It is also possible to choose which result field is displayed in `cfuzz` output (also possible to use several):
```shell
-oc, --stdout display stdout number of characters
-ec, --stderr display stderr number of characters
-t, --time display execution time
-c, --code display exit code
-Hb, --no-banner do not display banner
-r, --only-word only display words
-f, --full-output display full command execution output (can't be combined with others display mode)
```