Skip to content
/ http-fuzzer Public

Fuzzer of http/https virtual hosts (subdomains) of sites comparing by content.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

quckly/http-fuzzer

BranchesTags

Repository files navigation

HTTP Fuzzer

Fuzzer of HTTP(s) virtual hosts (subdomains). Determine virtual host by comparing response by Jaccard Index algorithm.

Features:

  • Do not resolve DNS.
  • SNI/Host brute forcing of subdomains.
  • Multithreaded and asynchronous
  • Determine virtual host by HTTP Status Code and Content

Build

gradlew build

Run

java -jar build/libs/http-fuzzer-1.0-SNAPSHOT.jar --target-ip <TARGET_IP> --base-domain <DOMAIN_FOR_FUZZING>

Example:

java -jar build/libs/http-fuzzer-1.0-SNAPSHOT.jar --target-ip 64.233.162.100 --base-domain google.com --dictionary-file dictionaries/alexaTop1mAXFRcommonSubdomains.txt

You need to provide dictionary of sub-domains. For example you can use: https://github.com/fuzzdb-project/fuzzdb/raw/master/discovery/dns/alexaTop1mAXFRcommonSubdomains.txt (used by default).

About

Fuzzer of http/https virtual hosts (subdomains) of sites comparing by content.

Topics

kotlin fuzzer security-analysis subdomain-scanner subdomain-brute fuzzers subdomain-enumeration subdomain-bruteforcing subdomain-fuzzer

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages