Light

r4gn4r0k-sec / userefuzz Goto Github PK

View Code? Open in Web Editor NEW

This project forked from root-tanishq/userefuzz

0.0 0.0 0.0 3.24 MB

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer

Home Page: https://pypi.org/project/userefuzz/

License: MIT License

Python 96.60% PHP 3.40%

userefuzz's Introduction

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer made with `python`
Works on `linux` and `unix` based systems

Legal Disclaimer

Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

Installation

pip

sudo pip install userefuzz

setup

git clone https://github.com/root-tanishq/userefuzz
cd userefuzz
sudo python3 setup.py install

Usage

Parsing URLs

Parsing a list of URLs

$ userefuzz -l <LIST>

Parsing a URL

$ userefuzz -u <URL>

Parsing stdin URLs

$ <STDIN LIST> | userefuzz

Use -v switch for verbose(includes non-vuln detected URLs) output

Multi Processing

Multi Processing will create more process and will increase the speed of the tool.

$ userefuzz <LIST / URL> -w <WORKER COUNT>

Proxy Interception And Custom Injection

Proxy interception of vulnerable request

$ userefuzz <LIST/URL> -p <PROXY>

Custom message in request

$ userefuzz <LIST/URL> -m <MESSAGE>

Custom payload with custom sleep

Replace sleep time with $UFZ$ variable for double verification of userefuzz

$ userefuzz <LIST/URL> -i <CUSTOM SQLI PAYLOAD> -s <SLEEP COUNT IN THE PAYLOAD>

Multi payload with custom sleep

Replace sleep time with $UFZ$ variable for double verification of userefuzz

$ userefuzz <LIST/URL> -i <SQLI PAYLOAD FILE> -s <SLEEP COUNT IN THE PAYLOAD>

Custom header injection

$ userefuzz <LIST/URL> -ch <CUSTOM HEADER NAME>

Multi header injection

For multiple headers use | as shown below.

$ userefuzz <LIST/URL> -ch <CUSTOM HEADER NAME|OTHER HEADERS>

Output

Markdown output

$ userefuzz <LIST/URL> -o <OUTPUT FILE NAME WITHOUT EXT>

Output file content

userefuzz's People

Contributors

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.