Skip to content

A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures

Notifications You must be signed in to change notification settings

Shivangx01b/BountyIt

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 

Repository files navigation



What is BountyIt ?

A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures.

Help

-grep string
        Specify custom grepping signatures. Ex -grep signatures.txt
  -header string
        Add any custom header if required. Ex: -header "Cookie: Session=12cbcx...."
  -method string
        Add method name if required. Ex: -method PUT. Default "GET" (default "GET")
  -p string
        Feed the list of payloads to fuzz. Ex: -p ~/wordlists/lfi.txt
  -t int
        Number of workers to use..default 40. Ex: -t 50 (default 40)
  -verify
        Only prints confirmed results. Ex -verify

How to Install

$ go get -u -v github.com/shivangx01b/BountyIt

Usage

  • Note: Urls must have keyword "FUZZ" like
https://example.com/FUZZ 
       or 
https://example.com/?query=FUZZ

Single Url

echo "https://example.com/FUZZ" | BountyIt

Multiple Url

cat http_https.txt | BountyIt -t 70 -p payloads.txt -verify

Add another method if required

cat http_https.txt | BountyIt -t 70  -method "POST" -p payloads.txt -grep signatures.txt

Add header if required

cat http_https.txt | BountyIt -t 70  -header "Cookie: session=311x1211sx4..." -p payloads.txt -grep signatures.txt
  • Note: Check wordlist dir for signatures.txt and basic fuzzing list for basic ssti, rce, lfi. Make sure to add -verify as potential issues create false positive.

Screenshot

1414

About

A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages