https://github.com/ynori7/hulksmash
A very easy-to-use library for building a custom brute-force requester for QA purposes
https://github.com/ynori7/hulksmash
bruteforce qa qatools security security-tools
Last synced: 5 months ago
JSON representation
A very easy-to-use library for building a custom brute-force requester for QA purposes
- Host: GitHub
- URL: https://github.com/ynori7/hulksmash
- Owner: ynori7
- License: mit
- Created: 2021-03-21T07:38:06.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2025-05-08T10:55:25.000Z (about 1 year ago)
- Last Synced: 2025-05-08T11:43:38.811Z (about 1 year ago)
- Topics: bruteforce, qa, qatools, security, security-tools
- Language: Go
- Homepage:
- Size: 48.8 KB
- Stars: 6
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Hulk Smash [](https://godoc.org/github.com/ynori7/hulksmash) [](https://goreportcard.com/report/github.com/ynori7/hulksmash)

This is a very easy-to-use library for building a custom brute-force requester for QA purposes. This
tool can be useful, for example, for performance and load testing or for testing your rate-limiter. This tool
automatically adds randomized headers to anonymize the request such as `X-Forwarded-For` and `User-Agent`.
This tool is to be used only for benign purposes!
## Usage
To use it, simply import `"github.com/ynori7/hulksmash"`. Then construct a request builder, which is a
function to get the request you want to perform. This request builder accepts an index in case you want to
send requests to a variety of endpoints, with varying payloads, or with a cachebreaker. Then you simply
create your smasher instance and tell it to start smashing.
```go
requestBuilder := func(item string) (*http.Request, error) {
return http.NewRequest(http.MethodGet, url, nil)
}
hulksmash.NewSmasher(hulksmash.WithIterations(5)).Smash(context.Background(), requestBuilder)
```
The smasher comes with some configurable options with safe defaults. Here is a list of the options:
| Option | Description | Default |
| ------------- |:-------------| -----|
| WithClient | Allows you to override the HTTP Client | hulksmash's http.NewClient() |
| WithWorkerCount | Sets the number of workers which will send requests in parallel | 1 |
| WithErrorFunc | Function which is called in case of an error while performing the request | Simply logs it to stdout |
| WithSuccessResponseCallback | Function which is called in case of a successful request | Simply logs the http status code and response body |
| WithIterations | The number of calls to make | 1 |
| WithStartIndex | The start index to use when iterating. Can be useful if you want to resume a previous experiment | 0 |
| WithAnonymizeRequests | Can be used to disable the logic to automatically add headers to make reqeusts look more organic | true |
| WithSequenceFunc | Can be used to specify the way the iteration sequence should be built, for example numeric or alphanumeric. Some presets are available in the sequence package | sequence.Numeric |
A basic and advanced example can be found in [example](example).
## Attribution
Icon from [Sujud.icon](https://www.iconfinder.com/MUHrist) ([CC BY 3.0](https://creativecommons.org/licenses/by/3.0/))
Uses `refraction-networking/utls` to randomize the TCP Hello fingerprint.