A web fuzzer the solves my problems between (dirb, ffuf, dirbuster) by combining and adding functinality.
This tool was build with customizablity in mind and supports many function to handle my needs. Stealth was a big goal so a few features were added to facilitale this. Along with some new functions like User-Agent and Proxy tumbling, this project focused on documentation and readability.
- Concurrentcy
- Multipule wordlists
- Colored text toggling
- Range Filtering
- WAF Evasion
The easyiest way is to clone the repo and intsall the moduls.
git clone https://github.com/MikeyPPPPPPPP/Fuzzy.git
cd Fuzzy
pip3 install -r requirments.txt
Basic Usage:
python3 fuzzy.py -u <url> -w <wordlis>
Youtube Demo here.
Two options assist tool chaining, the color and json output option. These options make it easier to parse they output by adding ansi color codes or outputing to a common format. By default their is no color added makingit ideal for worflow intigration.
-C Colored text
-j output to a json file
This project is ongoing and new feturs are going to be added as I think of them but for now here are a few.
-- add a Crtl + C stop filter updater
-- make core.setup able to detect previus configs and just update it instead of always makeing a new one
-- implement recurssion
--depth
--based on redirects
--403 forbidon
--if it is not an endpoint
-- To avoid signitures detection add the Fisher–Yates shuffleing algorighem to the core.tumbler.userAgent_tumbler.__init__()
If you want to contribute download the repo and work localy. A good place to start is core.spammer.py as its the backbone of the project. Since readability is a big part please include well documented comments and doc string.
Please add the command, config file, and a sample of your wordlist or something similare so I can help solve the problem.
Donate to your local church because I'm not worth anything.