https://github.com/offensive-tooling/fuzzmap
Web Application Offensive Fuzzing Module
- Host: GitHub
- URL: https://github.com/offensive-tooling/fuzzmap
- Owner: offensive-tooling
- License: mit
- Created: 2024-11-10T07:14:21.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-04-20T09:19:49.000Z (about 1 year ago)
- Last Synced: 2025-11-27T18:19:28.964Z (7 months ago)
- Topics: fuzzing, fuzzmap, offensive, offensive-tooling, pentest, pentesting, scanner, vulnerability-scanners, webfuzzer, webscanner
- Language: Python
- Homepage:
- Size: 720 KB
- Stars: 6
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# FUZZmap
**Web Application Vulnerability Fuzzing Tool**
*Current version: 0.2 (SQL Injection, XSS)*
FUZZmap is a web application vulnerability fuzzing tool designed to detect security flaws. It identifies web application vulnerabilities through automated parameter reconnaissance and advanced payload testing.

## FUZZmap Developers
- [arrester](https://github.com/arrester)
- [jhanks](https://github.com/jeongahn)
- [mathe](https://github.com/ma4the)
- [arecia](https://github.com/areciah)
- [hansowon](https://github.com/hansowon)
## Features
- **Parameter Reconnaissance**
- **Common Payload Testing**
- **Advanced Payload Testing**
- **SQL Injection Detection** - Advanced analysis including error-based, time-based, and boolean-based techniques (v0.1)
- **XSS Detection** - Advanced XSS analysis added in v0.2
- **SSTI Detection** - *(Advanced analysis coming in v0.3)*
- **Asynchronous Architecture** - Utilizes `asyncio` and semaphores for optimized concurrent testing
- **Expandable Framework** - Designed for easy addition of new vulnerability types in future versions
## Installation
### Using pip
```bash
# Installation
pip install fuzzmap
```
### From GitHub
```bash
# Git clone
git clone https://github.com/offensive-tooling/FUZZmap.git
cd FUZZmap
# Installation
pip install -e .
```
## Usage
### Command Line Usage
```bash
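# Test specific parameter
fuzzmap -t <target_url> -m get -p <parameter>
# Test multiple parameters
fuzzmap -t <target_url> -m get -p <parameter1>,<parameter2>
# Use POST method
fuzzmap -t <target_url> -m post -p <parameter>
# Test with Parameter Reconnaissance
fuzzmap -t <target_url> -rp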
```
### Python Module Usage
```python
import asyncio
from fuzzmap.core.controller.controller import Controller

async def main():
    # Test with specific parameters
    fm = Controller(target="http://target.com", method="GET", param=["target_parameter"])
    results = await fm.async_run()

    # Test with Parameter Reconnaissance
    fm = Controller(target="http://target.com", recon_param=True)
    results = await fm.async_run()

asyncio.run(main())
```
## How It Works
FUZZmap operates in four main phases:
1. **Parameter Reconnaissance**: Automatically identifies parameters through:
   - URL query extraction
   - Form field analysis (inputs, selects, textareas)
   - Form action paths and methods
   - *(JavaScript hidden parameters - release later)*
   - *(Dynamic parameter collection module - release later)*
2. **Common Payload Testing**: Tests various vulnerabilities with common payloads:
   - SQL Injection
   - XSS (Cross Site Scripting)
   - SSTI (Server Side Template Injection)
   - *(More types to be continuously added)*
3. **Advanced Payload Testing** (Currently for SQL Injection only):
   - SQL Injection (error-based, time-based, boolean-based)
   - *(XSS payloads and features coming in v0.2)*
   - *(SSTI payloads and features coming in v0.3)*
4. **Result Classification**: Categorize findings as follows:
   - Vulnerability type and subtype
   - Detection confidence scoring (0-100%)
   - Detection details and evidence
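
The three sources listed under phase 1 (URL query string, form fields, form action and method) can be combined into one input inventory, which is also a quick way to review what an application you maintain exposes. The code below is an added example using only the Python standard library, not FUZZmap's own implementation; `FormCollector`, `inventory_inputs` and the sample page are names and data constructed for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

class FormCollector(HTMLParser):
    """Records each <form>: resolved action, method, named fields."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.forms, self._form = base_url, [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing action submits to the page itself; method defaults to GET.
            self._form = {"action": urljoin(self.base_url, a.get("action") or ""),
                          "method": (a.get("method") or "GET").upper(), "params": []}
            self.forms.append(self._form)
        elif tag in ("input", "select", "textarea") and self._form is not None:
            name = a.get("name")  # unnamed controls are never submitted
            if name and name not in self._form["params"]:
                self._form["params"].append(name)
    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def inventory_inputs(url, html):
    """List every entry point (action, method, params) visible in url + html."""
    entries = []
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if names:
        entries.append({"action": url.split("?", 1)[0], "method": "GET",
                        "params": list(dict.fromkeys(names))})  # dedupe, keep order
    collector = FormCollector(url)
    collector.feed(html)
    collector.close()
    return entries + collector.forms

# Constructed sample input (not taken from a real site).
SAMPLE_URL = "http://localhost:8000/search.php?test=1&searchFor=abc"
SAMPLE_HTML = """
<form action="/login" method="post">
  <input name="user"><input type="password" name="pass"><input type="submit">
</form>
<form action="comment.php">
  <textarea name="body"></textarea><select name="lang"><option>en</option></select>
</form>
"""

if __name__ == "__main__":
    for entry in inventory_inputs(SAMPLE_URL, SAMPLE_HTML):
        print(entry)
```

Controls outside any `<form>` and parameters built by JavaScript are not covered here, which matches the items the list above marks as released later.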
## Example Output
```
handler: common, advanced
url: http://target.com/
parameters: ['test', 'searchFor']
method: GET
Type: xss
Detected: True
Common_payload: '">
Common_Confidence: 50
Detail_Vuln: Error-Based SQL Injection
Advanced_payload: ' UNION SELECT NULL-- -
Advanced_Confidence: 100
Context: ECT NULL-- -Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
------------------------------------------------------------------
handler: common, advanced
url: http://target.com/
parameters: ['test', 'searchFor']
method: GET
Type: sql_injection
Detected: True
Common_payload: ' || BEGIN DBMS_SESSION.SLEEP(5); END; --
Common_Confidence: 70
Detail_Vuln: Error-Based SQL Injection
Advanced_payload: ' UNION SELECT NULL-- -
Advanced_Confidence: 100
Context: ECT NULL-- -Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
```
## Command Line Options
```
-t,  --target        Target URL to scan
-m,  --method        HTTP method (GET/POST)
-p,  --param         Parameters to test (comma separated)
-rp, --recon_param   Enable parameter reconnaissance
-a,  --advanced      Enable advanced payload scan
-ua, --user_agent    Custom User-Agent string
-c,  --cookies       Cookies to include (format: name1=value1;name2=value2)
-v,  --verbose       Enable verbose output
-h,  --help          Show this help message
```
## Translations
- [English (Original)](README.md)
- [Korean](fuzzmap/doc/translations/README-KR.md)
## Disclaimer
FUZZmap is designed for legitimate security testing with proper authorization. Always ensure you have permission before testing any website or application.
---
FUZZmap - Slogan (Coming Soon)