https://github.com/th3hack3rwiz/Lazy-FuzzZ

Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this problem I created Lazy FuzzZ. It fuzzes all those urls, removes all false positives and sends only legitimate results to burpsuite.
https://github.com/th3hack3rwiz/Lazy-FuzzZ

Last synced: 3 months ago
JSON representation

Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this problem I created Lazy FuzzZ. It fuzzes all those urls, removes all false positives and sends only legitimate results to burpsuite.

• Host: GitHub
• URL: https://github.com/th3hack3rwiz/Lazy-FuzzZ
• Owner: th3hack3rwiz
• Created: 2020-11-03T15:38:25.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2021-07-14T08:15:09.000Z (over 3 years ago)
• Last Synced: 2024-06-07T00:32:17.822Z (5 months ago)
• Language: Shell
• Homepage:
• Size: 73.2 KB
• Stars: 51
• Watchers: 1
• Forks: 7
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - th3hack3rwiz/Lazy-FuzzZ - Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this probl (Shell)

README

        
![](https://th3hack3rwiz.github.io/images/LazyFuzz/banner_final.PNG)

# Lazy-FuzzZ

Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist for content discovery. Fuzzing each URL one by one is a tedious task, and not to mention the false positives we obtain in those results. To solve this problem I created Lazy FuzzZ. It fuzzes all those urls, removes all the false positive results and stores only legitimate results which are later sent to Burp Suite.

## Installation

1. Clone the repository : git clone https://github.com/th3hack3rwiz/Lazy-FuzzZ.git

2. cd Lazy-FuzzZ ; chmod +x lazyFuzzZ.sh 

3. The script is now ready to use. 

## Requirements

1. Must have ffuf installed from: https://github.com/ffuf/ffuf

2. Must have bfeed.py installed from: https://github.com/ZephrFish/BurpFeed/blob/master/bfeed.py

## Instructions

- Add the path to bfeed.py on line no. 129 of lazyFuzzZ.sh.

- Use flags (-d ,-f, or -a) if required, before supplying command line arguments.

## Usage

- It  requires 3 command line arguments: ./lazyFuzzZ.sh   

![](https://th3hack3rwiz.github.io/images/LazyFuzz/usage_final.PNG)

## Example usage

![](https://th3hack3rwiz.github.io/images/LazyFuzz/results.PNG)

# Explained output

![](https://th3hack3rwiz.github.io/images/LazyFuzz/output_final.PNG)

## Features 

1. Helps in automating the directory enumeration process.

2. Provides users with an option to use their prefered set of ffuf flags.

3. Fuzzes a set of sub-domains' URLs with a common-wordlist and stores clean results in a new directory. *(It creates a new directory using name of the wordlist supplied)*

4. Removes most false positive from the results we obtain from ffuf.

5. Adds only legitimate results to an active burp session using bfeed.py.