
An AI-powered Directory Fuzzer that intelligently predicts and discovers hidden endpoints based on previously identified ones.


Auxilium-Cyber-Security-GmbH/Smart-Fuzzer


Smart Fuzzer

The Smart Directory Fuzzer is a tool designed to automate the discovery of hidden endpoints and directories within web applications. By combining traditional wordlist fuzzing with AI-powered endpoint discovery, this fuzzer adapts to the unique structure of each web application, improving the depth and accuracy of the fuzzing process. The tool leverages GPT to generate custom wordlists based on the context, technology, and naming conventions used by the target application.

Features

  • Wordlist Fuzzing: Supports standard wordlist-based fuzzing.

  • GAU (GetAllURLs) Integration: Uses GAU to gather additional endpoint data from sources like Wayback Machine and Common Crawl.

  • AI-Powered Directory Fuzzing: Uses AI to intelligently guess hidden API endpoints based on previously found patterns.

  • Recursive Endpoint Discovery: Automatically follows discovered links to explore nested endpoints.

  • Sensitive Content Analysis: Leverages OpenAI to assess the sensitivity of endpoint responses.

  • Automated Naming Convention Extraction: Identifies naming patterns in existing endpoints to predict other valid endpoints that follow similar conventions.

  • Technology Stack Detection: Detects the tech stack of the target application and adjusts AI-driven guesses accordingly.
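
For teams reviewing the logs of an application under test, the sketch below is an added example, not part of the Smart Fuzzer code base. Guesses derived from an application's own naming conventions need not appear in any static wordlist, so it keys on behaviour (many distinct not-found paths from one client) rather than on known wordlist entries. The Common Log Format input, the function name `find_enumeration`, and both thresholds are assumptions.

```python
import re
from collections import defaultdict

# Common Log Format: client, ident, user, [time], "METHOD target PROTO", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def _line(ip, path, status):
    return f'{ip} - - [10/Oct/2024:13:55:01 +0000] "GET {path} HTTP/1.1" {status} 128'

# Constructed sample traffic (documentation IP ranges), not captured from any real system.
GUESSES = ["users", "user", "accounts", "orders", "order",
           "invoices", "admin", "export", "reports", "billing"]
BROWSING = [("/", 200), ("/login", 200), ("/api/v1/users", 200), ("/api/v1/orders", 200),
            ("/favicon.ico", 404), ("/api/v1/users", 200), ("/", 200), ("/api/v1/orders", 200)]
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.23", f"/api/v1/{g}", 200 if g in ("users", "orders") else 404)
     for g in GUESSES]
    + [_line("203.0.113.7", path, status) for path, status in BROWSING]
)

def find_enumeration(log_text, min_requests=8, min_miss_ratio=0.7):
    """Return {client: stats} for clients whose requests look like path enumeration.

    Thresholds are illustrative assumptions; tune them against your own baseline.
    """
    seen = defaultdict(lambda: {"total": 0, "paths": set(), "missed": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore query strings when counting paths
        rec = seen[ip]
        rec["total"] += 1
        rec["paths"].add(path)
        if status == "404":
            rec["missed"].add(path)
    flagged = {}
    for ip, rec in seen.items():
        ratio = len(rec["missed"]) / len(rec["paths"])  # share of distinct paths not found
        if rec["total"] >= min_requests and ratio >= min_miss_ratio:
            flagged[ip] = {"requests": rec["total"],
                           "distinct_paths": len(rec["paths"]),
                           "miss_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

On the constructed sample, only the client that requested ten distinct `/api/v1/` paths with eight misses is flagged; the browsing client with a single missing favicon is not.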

Installation

Prerequisites

Ensure you have Python 3.7 or above installed.

  1. Clone the repository:

    git clone https://github.com/Auxilium-Cyber-Security-GmbH/Smart-Fuzzer.git
    cd Smart-Fuzzer

  2. Install required packages:

    pip install -r requirements.txt

  3. Set up the configuration file:
    Modify the config.yaml file to set your OpenAI API key, your standard wordlist path, and any extensions you want to blacklist.

Usage

To run the fuzzer, use the following syntax:

python fuzzer.py <url> <size> [options]

Arguments

  • url: The target URL for fuzzing.
  • size: The number of endpoints in the wordlist generated by OpenAI.

Options

  • --headers: Custom headers for requests in key:value format.
  • --blacklist: Comma-separated list of file extensions to exclude (e.g., ttf,woff,svg,png).
  • --include_5xx: Include server errors (5xx status codes) in the output.
  • --https: Only follow HTTPS links.
  • --http: Only follow HTTP links.
  • --analyze_content: Analyze responses for sensitive information using AI.

Example Usage

python fuzzer.py https://example.com 50 

Contributing

Contributions are welcome! Please open an issue or submit a pull request to discuss potential improvements or bugs.
