https://github.com/picobaz/pyformblaster
PyFormBlaster: A sleek Python web form fuzzer for ethical security audits. Blast forms with random and malicious inputs to uncover XSS, SQL Injection, and more. Features auto-field detection, CSV logging, and modular config. Test responsibly!
cybersecurity ethical-hacking form-fuzzer fuzzing penetration-testing python security web-security
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/picobaz/pyformblaster
- Owner: PicoBaz
- License: other
- Created: 2025-08-27T07:01:18.000Z (10 months ago)
- Default Branch: master
- Last Pushed: 2025-08-27T09:00:54.000Z (10 months ago)
- Last Synced: 2025-08-27T18:08:50.410Z (10 months ago)
- Topics: cybersecurity, ethical-hacking, form-fuzzer, fuzzing, penetration-testing, python, security, web-security
- Language: Python
- Homepage:
- Size: 3.91 KB
- Stars: 5
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: ReadMe.md
- License: LICENSE.md
README
# PyFormBlaster
A powerful, modular web form fuzzing tool built for ethical security audits in Python. PyFormBlaster enables developers and security enthusiasts to test web forms with random and malicious inputs, uncovering potential vulnerabilities like XSS, SQL Injection, or unexpected behaviors.
⚠️ **Ethical Use Only**: This tool is for testing your own systems or with explicit permission. Misuse can lead to legal consequences. Always prioritize security best practices.
## Features
- **Modular Config**: All settings (URL, form fields, fuzzing rules) in a single `config.json` file for quick tweaks.
- **Auto Form Detection**: Automatically extracts form fields using BeautifulSoup.
- **Smart Input Generation**: Combines random strings with malicious payloads for comprehensive testing.
- **Error Resilience**: Automatic retries on transient errors, with configurable delays between attempts so the target is not locked out or rate-limited.
- **CSV Reporting**: Detailed logs of attempts, including response codes and content length.
- **Python Powered**: Lightweight, runs anywhere with Python 3.6+.
## Installation
1. Clone the repo:
```
git clone https://github.com/PicoBaz/PyFormBlaster.git
cd PyFormBlaster
```
2. Install dependencies:
```
pip install -r requirements.txt
```
3. Edit `config.json` to match your setup (e.g., form URL, fields).
## Usage
Run the script:
```
python form_fuzzer.py
```
- Output: Progress in console, results in `form_fuzzer_results.csv`.
- Example config tweak: Increase `maxAttempts` for deeper tests, but monitor for rate limits.
## Configuration
Edit `config.json`:
- `formUrl`: Target form submission endpoint.
- `formFields`: Default form fields (used if `autoDetectFields` is false).
- `payloadConfig`: Tune attempts, delays, retries, input length, and malicious payload usage.
- `characters`: Char sets for random inputs.
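How the auto-field detection step described above can work, as an added example that is not PyFormBlaster's own code: it uses the standard library's `html.parser` in place of the BeautifulSoup dependency the README names, and the HTML it parses is constructed. It returns, per form, the action, method and a field-name-to-default-value map; the exact layout of `formFields` in `config.json` is not assumed.

```python
# Added example, not PyFormBlaster's own code: auto form detection with the
# stdlib html.parser in place of BeautifulSoup. SAMPLE_HTML is constructed.
from html.parser import HTMLParser
SAMPLE_HTML = """<form id="login" action="/login" method="POST">
  <input type="hidden" name="csrf" value="abc123">
  <input type="text" name="username">
  <input type="password" name="password">
  <select name="role"><option value="user">User</option>
  <option value="admin" selected>Admin</option></select>
  <textarea name="note">hello</textarea>
  <input type="submit" name="go" value="Sign in">
</form><form><input type="search" name="q"></form>"""

class FormExtractor(HTMLParser):
    """Collect each <form>'s action, method and fillable fields with defaults."""
    NOT_FIELDS = {"submit", "button", "image", "reset"}  # controls, not inputs
    def __init__(self):
        super().__init__()
        self.forms = []
        self._form = None  # form currently being parsed
        self._open = {}    # "select"/"textarea" -> name of the open element
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # boolean attributes such as `selected` map to None
        if tag == "form":
            self._form = {"action": a.get("action") or "", "fields": {},
                          "method": (a.get("method") or "get").lower()}
            self.forms.append(self._form)
        elif self._form is None:
            return
        elif tag == "option" and self._open.get("select") and "selected" in a:
            self._form["fields"][self._open["select"]] = a.get("value") or ""
        elif tag == "input" and a.get("name"):
            if (a.get("type") or "text").lower() not in self.NOT_FIELDS:
                self._form["fields"][a["name"]] = a.get("value") or ""
        elif tag in ("select", "textarea") and a.get("name"):
            self._form["fields"][a["name"]] = ""
            self._open[tag] = a["name"]
    def handle_data(self, data):
        if self._form is not None and self._open.get("textarea"):
            self._form["fields"][self._open["textarea"]] += data  # default text
    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        self._open.pop(tag, None)

def detect_forms(html):
    """Return one {action, method, fields} dict per <form> found in the page."""
    parser = FormExtractor()
    parser.feed(html)
    return parser.forms
```

Submit buttons are deliberately excluded from the field map, and a hidden field such as the CSRF token keeps its default so a submission can be replayed with only the chosen field changed.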
## Extending PyFormBlaster
- Add custom malicious payloads in `form_fuzzer.py`.
- Integrate with external payload lists (e.g., OWASP lists in TXT files).
- For advanced setups, fork and add parallel processing via `concurrent.futures`.
## Disclaimer
PyFormBlaster is an educational tool. Use responsibly—test only what you own. The author assumes no liability for misuse.
Star the repo if it helps your audits! 🌟 Contributions welcome.