A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures.
-grep string
Specify custom grepping signatures. Ex -grep signatures.txt
-header string
Add any custom header if required. Ex: -header "Cookie: Session=12cbcx...."
-method string
Add method name if required. Ex: -method PUT. Default "GET" (default "GET")
-p string
Feed the list of payloads to fuzz. Ex: -p ~/wordlists/lfi.txt
-t int
Number of workers to use..default 40. Ex: -t 50 (default 40)
-verify
Only prints confirmed results. Ex -verify
$ go get -u -v github.com/shivangx01b/BountyIt
- Note: Urls must have keyword "FUZZ" like
https://example.com/FUZZ
or
https://example.com/?query=FUZZ
Single Url
echo "https://example.com/FUZZ" | BountyIt
Multiple Url
cat http_https.txt | BountyIt -t 70 -p payloads.txt -verify
Add another method if required
cat http_https.txt | BountyIt -t 70 -method "POST" -p payloads.txt -grep signatures.txt
Add header if required
cat http_https.txt | BountyIt -t 70 -header "Cookie: session=311x1211sx4..." -p payloads.txt -grep signatures.txt
- Note: Check wordlist dir for signatures.txt and basic fuzzing list for basic ssti, rce, lfi. Make sure to add -verify as potential issues create false positive.