Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/th3hack3rwiz/Lazy-FuzzZ
Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this problem I created Lazy FuzzZ. It fuzzes all those urls, removes all false positives and sends only legitimate results to burpsuite.
https://github.com/th3hack3rwiz/Lazy-FuzzZ
Last synced: 22 days ago
JSON representation
Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this problem I created Lazy FuzzZ. It fuzzes all those urls, removes all false positives and sends only legitimate results to burpsuite.
- Host: GitHub
- URL: https://github.com/th3hack3rwiz/Lazy-FuzzZ
- Owner: th3hack3rwiz
- Created: 2020-11-03T15:38:25.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-07-14T08:15:09.000Z (over 3 years ago)
- Last Synced: 2024-08-05T17:42:53.991Z (4 months ago)
- Language: Shell
- Homepage:
- Size: 73.2 KB
- Stars: 51
- Watchers: 1
- Forks: 7
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - th3hack3rwiz/Lazy-FuzzZ - Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this probl (Shell)
README
![](https://th3hack3rwiz.github.io/images/LazyFuzz/banner_final.PNG)
# Lazy-FuzzZSometimes we want to fuzz a set of sub-domain URLs with a common wordlist for content discovery. Fuzzing each URL one by one is a tedious task, and not to mention the false positives we obtain in those results. To solve this problem I created Lazy FuzzZ. It fuzzes all those urls, removes all the false positive results and stores only legitimate results which are later sent to Burp Suite.
## Installation
1. Clone the repository : git clone https://github.com/th3hack3rwiz/Lazy-FuzzZ.git
2. cd Lazy-FuzzZ ; chmod +x lazyFuzzZ.sh
3. The script is now ready to use.## Requirements
1. Must have ffuf installed from: https://github.com/ffuf/ffuf
2. Must have bfeed.py installed from: https://github.com/ZephrFish/BurpFeed/blob/master/bfeed.py## Instructions
- Add the path to bfeed.py on line no. 129 of lazyFuzzZ.sh.
- Use flags (-d ,-f, or -a) if required, before supplying command line arguments.## Usage
- It requires 3 command line arguments: ./lazyFuzzZ.sh
![](https://th3hack3rwiz.github.io/images/LazyFuzz/usage_final.PNG)
## Example usage
![](https://th3hack3rwiz.github.io/images/LazyFuzz/results.PNG)
# Explained output
![](https://th3hack3rwiz.github.io/images/LazyFuzz/output_final.PNG)
## Features
1. Helps in automating the directory enumeration process.
2. Provides users with an option to use their prefered set of ffuf flags.
3. Fuzzes a set of sub-domains' URLs with a common-wordlist and stores clean results in a new directory. *(It creates a new directory using name of the wordlist supplied)*
4. Removes most false positive from the results we obtain from ffuf.
5. Adds only legitimate results to an active burp session using bfeed.py.