incase anyone is looking for a decent URL fuzzer: here you go bud
Build Status: Done
Discover hidden files and directories on a web server. The application tries to find url relative paths of the given website by comparing them with a given set. Go-url-fuzzer is inspired by Indir Scanner, which is written in Perl. Comparing to Indir Scanner, the application supports concurrent url fuzzing.
- Fuzz url set from an input file
- Concurrent relative path search
- Configurable number of fuzzing workers
- Configurable time wait periods between fuzz tests per worker
- Custom HTTP headers support
- Various HTTP methods support
$ go-url-fuzzer --help
usage: go-url-fuzzer [<flags>] <fuzz-set-file> <base-url>
Discover hidden files and directories on a web server.
--help Show help (also see --help-long and --help-man).
-h, --header="Name: value"
Custom HTTP header added to every fuzz request, format: "name: value"
-m, --method=GET HTTP method used in tests (GET, POST, PUT, DELETE, HEAD, OPTIONS)
Output text file with found urls and statuses
-t, --timeout=5s Fuzzed url response timeout
HTTP error code
Number of workers
Time wait period between fuzz tests per worker
--version Show application version.
<fuzz-set-file> File containing fuzz entry set, one entry per line
<base-url> Number of packets to send
go-url-fuzzer -h "User-Agent: curl" -h "Cookie: token=1" -m "GET" -m "POST" resources/input-data/fuzz_02.txt http://domain.tld/any-dir/
you can either install or build it with
or just install golang and run
go run main.go