codesoap/pfuzz

pfuzz is a web fuzzer inspired by ffuf, which outputs the generated requests to stdout in the httpipe format instead of sending them.

Examples

$ # Fuzzing paths with a wordlist:
$ pfuzz -w /path/to/wordlist -u https://foo.io:1234/FUZZ
{"host":"foo.io","port":"1234","req":"GET /api HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true}
{"host":"foo.io","port":"1234","req":"GET /login HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true}
{"host":"foo.io","port":"1234","req":"GET /home HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true}
...

$ # Using words from stdin to fuzz the Authorization header:
$ generate-tokens | pfuzz -w - -u http://foo.io -H 'Authorization: Bearer FUZZ'
{"host":"foo.io","req":"GET / HTTP/1.1\r\nHost: foo.io\r\nAuthorization: Bearer abc123\r\n\r\n","tls":false}
{"host":"foo.io","req":"GET / HTTP/1.1\r\nHost: foo.io\r\nAuthorization: Bearer xyz1337\r\n\r\n","tls":false}
...

$ # Using multiple wordlists to fuzz paths across multiple subdomains:
$ pfuzz -w /path/to/subdomains:SUB -w /path/to/paths:PATH -u http://SUB.foo.io/PATH
{"host":"doc.foo.io","req":"GET /api HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false}
{"host":"doc.foo.io","req":"GET /login HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false}
{"host":"doc.foo.io","req":"GET /home HTTP/1.1\r\nHost: doc.foo.io\r\n\r\n","tls":false}
{"host":"forum.foo.io","req":"GET /api HTTP/1.1\r\nHost: forum.foo.io\r\n\r\n","tls":false}
...
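
Because pfuzz prints requests instead of sending them, the stream can be checked against an engagement's authorized scope before any sender sees it. The Go program below is an added example, not part of pfuzz or of any httpipe tooling; it assumes only the host, port and req fields visible in the output above, and the allowlist and the rule that the Host header must match the connection target are hypothetical policy choices.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// record holds the httpipe fields used here, as seen in the pfuzz output
// above; encoding/json matches the lowercase keys case-insensitively.
type record struct{ Host, Port, Req string }

// hostHeader returns the first Host header value of a raw request, or "".
func hostHeader(req string) string {
	head, _, _ := strings.Cut(req, "\r\n\r\n")
	for _, l := range strings.Split(head, "\r\n")[1:] {
		if k, v, ok := strings.Cut(l, ":"); ok && strings.EqualFold(k, "host") {
			return strings.TrimSpace(v)
		}
	}
	return ""
}

// inScope keeps a line only if its connection target is allowlisted and the
// Host header names the same target (hypothetical policy for this example).
func inScope(line string, allowed map[string]bool) bool {
	var r record
	if json.Unmarshal([]byte(line), &r) != nil {
		return false
	}
	target := r.Host
	if r.Port != "" {
		target += ":" + r.Port
	}
	return allowed[strings.ToLower(r.Host)] && strings.EqualFold(hostHeader(r.Req), target)
}

func main() {
	allowed := map[string]bool{"foo.io": true} // constructed allowlist
	sample := []string{ // first line is from the page; the other two are constructed
		`{"host":"foo.io","port":"1234","req":"GET /api HTTP/1.1\r\nHost: foo.io:1234\r\n\r\n","tls":true}`,
		`{"host":"bar.example","req":"GET / HTTP/1.1\r\nHost: bar.example\r\n\r\n","tls":false}`,
		`{"host":"foo.io","req":"GET / HTTP/1.1\r\nHost: bar.example\r\n\r\n","tls":false}`,
	}
	for _, l := range sample {
		fmt.Println(inScope(l, allowed), l)
	}
}
```

The Host header is parsed by hand rather than with net/http so that requests carrying deliberately malformed fuzz input are still evaluated instead of being rejected by the parser.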

Installation

You can download precompiled binaries from the releases page or install it with go install github.com/codesoap/pfuzz@latest.

Usage

$ pfuzz -h
Usage of pfuzz:
  -H value
        An HTTP header to use, e.g. 'Content-Type: application/json'.
  -X string
        The HTTP method to use. (default "GET")
  -d string
        Payload data as given, without any encoding.
        Mostly used for POST requests.
  -u string
        The URL of the target.
  -w value
        The path to a wordlist, and optionally a colon followed
        by a custom placeholder, e.g. '/path/to/username/list:USER'.

Zero, one or more wordlists can be provided. If no custom placeholder
is given, FUZZ is used instead; if multiple wordlists have no custom
placeholder, FUZZ2, FUZZ3, etc. will be assigned. If multiple wordlists
are used, all permutations will be generated.

One wordlist can use '-' instead of a path. It's words will be read from
standard input.

If no wordlist is used, only one request will be generated.