Skip to content

Latest commit

ย 

History

History
153 lines (101 loc) ยท 4.47 KB

README.md

File metadata and controls

153 lines (101 loc) ยท 4.47 KB

๐ŸŽช AFUZZ: Async URL Fuzzer ๐ŸŽฎ

Welcome to AFUZZ, a lightweight and efficient URL fuzzing tool designed to test web applications for vulnerabilities or hidden endpoints. Whether you're a penetration tester, bug bounty hunter, or just someone who loves exploring the unknown, AFUZZ is here to make your fuzzing experience both fun and powerful! ๐ŸŽ‰

๐ŸŽฏ Features

  • ๐ŸŒ Supports Synchronous and Asynchronous Modes
    Choose between synchronous (blocking) or asynchronous (non-blocking) fuzzing for optimal performance.

  • โšก Fast and Efficient
    Leverages aiohttp for blazing-fast asynchronous requests.

  • ๐Ÿ› ๏ธ Customizable Payloads
    Use your own wordlists to replace placeholders in the base URL.

  • โœ… Logs Only Successful Responses (200)
    Outputs only URLs with 200 OK responses, keeping your results clean and focused.

  • ๐Ÿ–๏ธ Color-Coded Output
    Highlights successful URLs in green for better visibility.

  • ๐Ÿ’พ Output Results to File
    Saves results to a specified file for later analysis.

๐Ÿ•น๏ธ How It Works

AFUZZ replaces the @ placeholder in the base URL with payloads from a wordlist and sends HTTP requests to test each variation. You can choose between synchronous or asynchronous modes based on your needs.

๐ŸŽช Installation

  1. Clone this repository:

    git clone https://github.com/yourusername/afuzz.git
cd AFUZZ

  2. Install dependencies:

    pip install -r requirements.txt

  3. You're ready to fuzz! ๐ŸŽ‰

๐ŸŽฎ Usage

Run the script with the following options:

python afuzz.py -u <base_url> -w <wordlist> -o <output_file> -m <mode>

Options:

Option Description
-u, --url Base URL with @ as a placeholder (e.g., https://example.com/@).
-w, --wordlist Path to your wordlist file containing payloads (one per line).
-o, --output Path to the output file where results will be saved (e.g., results.txt).
-m, --mode Fuzzing mode: sync (synchronous) or async (asynchronous). Default is sync.

๐ŸŽข Examples

Example 1: Synchronous Fuzzing

python afuzz.py -u "https://example.com/@" -w wordlist.txt -o results.txt -m sync

Example 2: Asynchronous Fuzzing

python afuzz.py -u "https://example.com/@" -w wordlist.txt -o results.txt -m async

Example Output:

Console Output:

https://response1.com
https://response2.com

Successful responses (200): 2

Output File (results.txt):

https://response1.com
https://response2.com

๐ŸŽญ How It Works Under the Hood

๐Ÿงฉ Core Functions:

  1. URL Validation
    Ensures the base URL is valid and contains the placeholder (@).

  2. Synchronous Fuzzing (sync_fuzz)
    Replaces the placeholder with each payload, sends HTTP requests using requests, and logs only successful responses (200 OK).

  3. Asynchronous Fuzzing (async_fuzz)
    Uses aiohttp to perform non-blocking HTTP requests, allowing multiple URLs to be tested simultaneously for faster results.

  4. Output Handling
    Logs only successful URLs (200 OK) to both the console and an output file for clarity and simplicity.

๐Ÿ› ๏ธ Code Overview

Here's a brief overview of how AFUZZ works:

Main Components:

  1. Input Validation:
    Ensures the base URL, wordlist, and other inputs are valid before proceeding.

  2. Synchronous Mode:
    Uses Python's requests library to send HTTP requests one at a time.

  3. Asynchronous Mode:
    Leverages Python's asyncio and aiohttp libraries for concurrent requests.

  4. Output Results:
    Logs only URLs with a status code of 200 (OK) to both the console and output file.

๐Ÿ›ก๏ธ Error Handling

AFUZZ handles common errors gracefully:

  • Invalid URLs are flagged during validation.
  • Errors during HTTP requests are logged but do not interrupt execution.
  • If an output file already exists, you'll be prompted before overwriting it.

๐ŸŽˆ License

This project is licensed under MIT License. Feel free to use it in your projects! ๐Ÿ˜Š

Happy fuzzing! ๐Ÿš€