https://github.com/codesoap/pfuzz

a web fuzzer using the httpipe format
https://github.com/codesoap/pfuzz

httpipe

Last synced: 11 days ago
JSON representation

a web fuzzer using the httpipe format

• Host: GitHub
• URL: https://github.com/codesoap/pfuzz
• Owner: codesoap
• License: mit
• Created: 2023-12-14T19:32:55.000Z (11 months ago)
• Default Branch: master
• Last Pushed: 2024-03-29T09:05:29.000Z (8 months ago)
• Last Synced: 2024-08-02T15:31:03.166Z (4 months ago)
• Topics: httpipe
• Language: Go
• Homepage:
• Size: 12.7 KB
• Stars: 99
• Watchers: 3
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
pfuzz is a web fuzzer inspired by [ffuf](https://github.com/ffuf/ffuf),

which outputs the generated requests to stdout in the [httpipe

format](https://github.com/codesoap/httpipe) instead of sending them.

# Examples

```console

$ # Fuzzing paths with a wordlist:

$ pfuzz -w /path/to/wordlist -u https://foo.io:1234/FUZZ

{"host":"foo.io","port":"1234","req":"GET /api HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true}

{"host":"foo.io","port":"1234","req":"GET /login HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true}

{"host":"foo.io","port":"1234","req":"GET /home HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true}

...

$ # Using words from stdin to fuzz the Authorization header:

$ generate-tokens | pfuzz -w - -u http://foo.io -H 'Authorization: Bearer FUZZ'

{"host":"foo.io","req":"GET / HTTP/1.1\r\nHost: foo.io\r\nAuthorization: Bearer abc123\r\n\r\n","tls":false}

{"host":"foo.io","req":"GET / HTTP/1.1\r\nHost: foo.io\r\nAuthorization: Bearer xyz1337\r\n\r\n","tls":false}

...

$ # Using multiple wordlists to fuzz paths across multiple subdomains:

$ pfuzz -w /path/to/subdomains:SUB -w /path/to/paths:PATH -u http://SUB.foo.io/PATH

{"host":"doc.foo.io","req":"GET /api HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false}

{"host":"doc.foo.io","req":"GET /login HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false}

{"host":"doc.foo.io","req":"GET /home HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false}

{"host":"forum.foo.io","req":"GET /api HTTP/1.1\r\nHost: forum.foo.io\r\n\r\n","tls":false}

...

```

# Installation

You can download precompiled binaries from the [releases

page](https://github.com/codesoap/pfuzz/releases) or install it with

`go install github.com/codesoap/pfuzz@latest`.

# Usage

```console

$ pfuzz -h

Usage of pfuzz:

  -H value

        An HTTP header to use, e.g. 'Content-Type: application/json'.

  -X string

        The HTTP method to use. (default "GET")

  -d string

        Payload data as given, without any encoding.

        Mostly used for POST requests.

  -u string

        The URL of the target.

  -w value

        The path to a wordlist, and optionally a colon followed

        by a custom placeholder, e.g. '/path/to/username/list:USER'.

Zero, one or more wordlists can be provided. If no custom placeholder

is given, FUZZ is used instead; if multiple wordlists have no custom

placeholder, FUZZ2, FUZZ3, etc. will be assigned. If multiple wordlists

are used, all permutations will be generated.

One wordlist can use '-' instead of a path. It's words will be read from

standard input.

If no wordlist is used, only one request will be generated.

```