Web Fuzzer

Web Dynamic Analysis Tool

Install • Roadmap • Contact • Copyright

Our Web Fuzzer is consist of Grammar Fuzzer inside. Unlike dictionary based fuzzer, our payloads are more various and effective.

Install

For now, our Web Fuzzer supports only Windows.

python 3.10.11 by pyenv

you can skip this step if you have python 3.10.11 already.

Invoke-WebRequest -UseBasicParsing -Uri "https://raw.githubusercontent.com/pyenv-win/pyenv-win/master/pyenv-win/install-pyenv-win.ps1" -OutFile "./install-pyenv-win.ps1"; &"./install-pyenv-win.ps1"
pyenv install 3.10.11

install dependency

pip install -r requirements.txt

chrome

Chrome is neccessary! we use chrome for selenium webdriver inside.

usage

First, set .env for your target that you want to investigate. Then you can run command like below

python web_fuzzer/main.py

how to config .env

DVWA: this is for newcomers, only use with DVWA turn it "True" to use this.

options below works when DVWA set "False"

BASE_URL: target base url
LOGIN_URL: login url for target
ID: test id
PW: test password
ID_INPUT_NAME: login input tag name attr value for ID
PW_INPUT_NAME: login input tag name attr value for PW
SUBMIT_INPUT_NAME: login input tag name attr value for login button

DVWA

if you don't have any target for security testing, here's DVWA for you.

To do that, edit DEBUG value in .env file from DVWA="False" to DVWA="True"

docker pull vulnerables/web-dvwa
docker run -it -p 80:80 vulnerables/web-dvwa

and connect localhost in browser with login info

ID : admin
PW : password

after login, click Create / Reset Database button in setup page

if you want to use this env after reboot, you can commit your docker container.

docker ps -all
docker commit [CONTAINER ID] vulnerables/web-dvwa

Roadmap

support linux (handling new window)
folder path hardcorded -> dynamic path using os.path module

Features

Crawling urls from target with credential.
Customize dictionary for Broken Access Control
Detect vulnerabilities using GRAMMAR Fuzzer
- Broken Access Control
- Command Injection
- Local File Inclusion
- SQL Injection
- XSS
Generate HTML report

Contact

If you need to get in-touch with me (silvergun8291 – lead developer),

please do so at the following email address: sv5506829sv@gmail.com

Name		Name	Last commit message	Last commit date
Latest commit History 85 Commits
static/dictionary		static/dictionary
test/example/dvwa		test/example/dvwa
web_fuzzer		web_fuzzer
.env		.env
.gitignore		.gitignore
.python-version		.python-version
README.md		README.md
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Web Fuzzer

Web Dynamic Analysis Tool

Install • Roadmap • Contact • Copyright

Install

python 3.10.11 by pyenv

install dependency

chrome

usage

how to config .env

DVWA

Roadmap

Features

Contact

Copyright

About

Releases

Packages

Contributors 3

Languages

silvergun8291/web_fuzzer

Folders and files

Latest commit

History

Repository files navigation

Web Fuzzer

Web Dynamic Analysis Tool

Install • Roadmap • Contact • Copyright

Install

python 3.10.11 by pyenv

install dependency

chrome

usage

how to config .env

DVWA

Roadmap

Features

Contact

Copyright

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages