Skip to content
/ lunarfuzz Public

WIP: Directory fuzzer for single page apps that require a browser to render content, with an interface similar to ffuf

6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eversinc33/lunarfuzz

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
driver
driver
 
 
fuzz
fuzz
 
 
logger
logger
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

LunarFuzz

Fuzzer for Dynamic JS applications, such as Angular apps, that require a browser that renders the JS and thus can not be fuzzed with tools like ffuf (afaik). LunarFuzz uses go-rod, a selenium-like toolkit which runs a headless browser that does the requests.

Installation

go install github.com/eversinc33/lunarfuzz@latest

Usage

.-.   .-. .-..-. .-.  .--.  .----. .----..-. .-. .---. .---. 
| |   | { } ||  `| | / {} \ | {}  }| {_  | { } |{_   /{_   / 
| `--.| {_} || |\  |/  /\  \| .-. \| |   | {_} | /    }/    }
`----'`-----'`-' `-'`-'  `-'`-' `-'`-'   `-----' `---' `---'
LunarFuzz v0.0.1

usage: lunarfuzz [-h|--help] -u|--url "<value>" -w|--wordlist "<value>" [--fs
                 "<value>"] [--fw "<value>"] [--fm "<value>"] [-b|--cookies
                 "<value>"] [-H|--Headers "<value>"] [--screenshot]
                 [-t|--threads <integer>] [--no-ac] [--2f2f] [-o|--output-file
                 "<value>"]

                 Directory fuzzer for dynamic JS & single page apps

Arguments:

  -h  --help         Print help information
  -u  --url          Target url
  -w  --wordlist     Wordlist to use
      --fs           Filter responses by size. Can also specify multiple, e.g.
                     80,102
      --fw           Filter responses by word count. Can also specify multiple,
                     e.g. 100,101,102
      --fm           Filter responses by substring match. Can also specify
                     multiple, e.g. '404,Not found'
  -b  --cookies      Cookies to use in the format of 'authToken=abcdefg;
                     __otherCookie=1'
  -H  --Headers      Headers to use in the format of 'Header: Value; Header:
                     Value'
      --screenshot   Save screenshots for matches. Default: false
  -t  --threads      Number of threads. Default: 5
      --no-ac        Do not run autocalibration if no filter is given. Will
                     output every url as a finding. Default: false
      --2f2f         Do not wait for page to render completely. Default: false
  -o  --output-file  File to save all matching urls to

Examples:

# Autocalibrate, add cookies, save screenshots on match
lunarfuzz -u https://target.site -w /usr/share/wordlists/dirb/big.txt --screenshot -b "SESSION=XYZ; __OTHER_COOKIE=1"
# filter by sizes
lunarfuzz -u https://target.site -w /usr/share/wordlists/dirb/big.txt --fs 1000,1001
# filter by string match, use a custom header, save findings to file and use 20 threads
lunarfuzz -u https://target.site -w /usr/share/wordlists/dirb/big.txt -fm "404,not found" -t 20 -H "Authorization: Basic ZGVlejpudXRz" -o ./matches.txt

Disclaimer

I don't know shit about go, so dont expect good/performant code. But python was too slow, Nim didn't have a good library for a webdriver and I hate writing Rust-code with a passion, so here we are.

About

WIP: Directory fuzzer for single page apps that require a browser to render content, with an interface similar to ffuf

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages