Skip to content

neonify/lessgo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

116 Commits
lists
lists
 
 
pkg
pkg
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

     _
    | |___ ___ ___ ___ ___
    | | -_|_ -|_ -| . | . |
    |_|___|___|___|_  |___|
                  |___|



𝖑𝖊𝖘𝖘𝖌𝖔

A fast web fuzzer in golang


𝔸 𝕟𝕖𝕠𝕟𝕚𝕗𝕚𝕖𝕕 𝕥𝕠𝕠𝕝

Table Of Contents

FEATURES

  • Speed
    • It is super fast as it uses golang
    • It has 50 go routines (threads) by default , you can alter them by passing the flag -c
  • Easy Usage
  • Cross Platform

REQUIREMENTS

INSTALLATION

Same works for updating
$ go get -u github.com/neonify/lessgo
$ cd /usr/bin
$ go build github.com/neonify/lessgo

USAGE

  • Enter the URL by passing the flag -u , replace the value to be fuzzed with the word FUZZ

  • Enter the wordlist by passing the flag -f

Example :

lessgo -u https://www.example.com/FUZZ -f wordlist.txt

FLAGS

REQUIRED
-u      to specify the url 

CHOOSE ANY ONE 
-B      to specify a number range for pure bruteforce
-f      to specify the wordlist
-subd   wordlist of common subdomains (length : 871)
-dirs   wordlist of common directories (length : 1273822)
-lfi    wordlist of local file inclusion payloads (length : 961)

OPTIONAL 
-h      for help
-c      no of threads (default : 50)
-R      to follow redirects (default : false)
-G      to grep the given status codes (default : *)
-E      to exclude/hide the given status code (default : none)
-W      to grep a word (default : none)
-H      to specify the file containg headers
-D      to specify data to be sent (default : none)
-T      to specify timeout (default : 0)

FUZZING GET DATA

STEPS

  • Enter the parameters & their values as a part of the url
  • Replace the value tp be fuzzed with the word FUZZ

EXAMPLE

https://www.example.com?id=123&pwd=FUZZ

FUZZING POST DATA

STEPS

  • Enter the parameters and values by passing the flag -D
    • The parameters and their values should be differenciated by a = sign
    • A combination of a parameter and its value should be differnciated from the other by a & sign.
  • Replace the value to be fuzzed with the word FUZZ

EXAMPLE

-D "id=123&pwd=FUZZ"
Command 
lessgo -u https://www.example.com -D "uid=1001&pwd=FUZZ" -f list.txt

FUZZING HEADERS

STEPS

  • Paste the headers in a file
    • The parameters and their values should be differenciated by a : sign
    • A combination of parameter and its value should be differenciated from other by a new line
  • Replace the value/parameter to be fuzzed with the word FUZZ
  • Specify the file name by passing the flag -H

EXAMPLE OF FILE CONTAINING HEADERS

Host: FUZZ
Accept: */*
Connection: close
User-Agent: lessgo fuzzer
Referer: www.google.com
Command 
lessgo -u https://www.example.com -H file_containing_headers.txt

EXAMPLES

  • For Fuzzing GET data
lessgo -u https://www.example.com?id=FUZZ -f list.txt
  • For Grepping Status Codes
lessgo -u https://FUZZ.example.com -subd -G 403,404,400
  • For Pure Bruteforcing numbers
lessgo -u https://www.example.com?id=FUZZ -B 0-10
  • For subdomain fuzzing
lessgo -u https://FUZZ.example.com -subd
  • Attacking for Directories/Local File Inclusion
lessgo -u https://www.example.com/FUZZ -dirs/-lfi

VERSION

v 2.1.1

SUPPORT-FEEDBACK

SUPPORT

FEEDBACK

STARGAZERS Stargazers repo roster for @neonify/lessgo

Support us by hitting the star button above

About

A fast web fuzzer in golang

Resources

Readme

License

GPL-3.0 license
Activity

Stars

14 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 2

Lessgo v2.1.1 Latest
Nov 27, 2020
+ 1 release

Packages

No packages published

Contributors 2

  •  
  •  

Languages