
NozakiLabs / nozaki

License: MIT
Security-oriented HTTP fuzzer engine

Programming language: Perl

Projects that are alternatives of or similar to nozaki

ras-fuzzer
RAS(RAndom Subdomain) Fuzzer
Stars: ✭ 42 (+13.51%)
Mutual labels:  fuzzing, bugbounty, fuzzer
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+694.59%)
Mutual labels:  fuzzing, bugbounty, fuzzer
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+19483.78%)
Mutual labels:  fuzzing, bugbounty, fuzzer
Crlf Injection Scanner
Command line tool for testing CRLF injection on a list of domains.
Stars: ✭ 91 (+145.95%)
Mutual labels:  fuzzing, bugbounty, fuzzer
Fuzzcheck Rs
Structure-aware, in-process, coverage-guided, evolutionary fuzzing engine for Rust functions.
Stars: ✭ 247 (+567.57%)
Mutual labels:  fuzzing, fuzzer
Intruderpayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+7410.81%)
Mutual labels:  fuzzing, bugbounty
afl-dyninst
American Fuzzy Lop + Dyninst == AFL Fuzzing blackbox binaries
Stars: ✭ 65 (+75.68%)
Mutual labels:  fuzzing, fuzzer
Javafuzz
coverage guided fuzz testing for java
Stars: ✭ 193 (+421.62%)
Mutual labels:  fuzzing, fuzzer
SourceWolf
Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
Stars: ✭ 132 (+256.76%)
Mutual labels:  fuzzing, bugbounty
roboxtractor
Extract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (+8.11%)
Mutual labels:  fuzzing, bugbounty
afl-dynamorio
run AFL with dynamorio
Stars: ✭ 32 (-13.51%)
Mutual labels:  fuzzing, fuzzer
Honggfuzz Rs
Fuzz your Rust code with Google-developed Honggfuzz !
Stars: ✭ 222 (+500%)
Mutual labels:  fuzzing, fuzzer
Onelistforall
Rockyou for web fuzzing
Stars: ✭ 213 (+475.68%)
Mutual labels:  fuzzing, bugbounty
Kafl
A fuzzer for full VM kernel/driver targets
Stars: ✭ 204 (+451.35%)
Mutual labels:  research, fuzzing
Gramfuzz
gramfuzz is a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats.
Stars: ✭ 209 (+464.86%)
Mutual labels:  fuzzing, fuzzer
HITB2020 FSFUZZER
My Material for the HITB presentation
Stars: ✭ 33 (-10.81%)
Mutual labels:  fuzzing, fuzzer
IEC61850-MMS-Fuzzer
Mutation Based Fuzzer for IEC61850 Server IED'S
Stars: ✭ 20 (-45.95%)
Mutual labels:  fuzzing, fuzzer
afl-pin
run AFL with pintool
Stars: ✭ 64 (+72.97%)
Mutual labels:  fuzzing, fuzzer
Pythonfuzz
coverage guided fuzz testing for python
Stars: ✭ 175 (+372.97%)
Mutual labels:  fuzzing, fuzzer
Sharpfuzz
AFL-based fuzz testing for .NET
Stars: ✭ 185 (+400%)
Mutual labels:  fuzzing, fuzzer

Nozaki

Security-oriented HTTP fuzzer engine


Summary

⚠️ Warning: Nozaki is currently in development, you've been warned :) and please consider contributing!

"Fuzzing is one of the most powerful and proven strategies for identifying security issues in real-world software" and for this reason, Nozaki tries to bridge the gap for a complete solution focused on web applications.

The goal is a solution complete enough to cover the entire fuzzing process of a web application (a monolith, a REST API, or even a GraphQL API): fully parameterized, composable with other tools through pipes, and equipped with rich result filters.

Nozaki supports dynamic workflows written in YAML, so test cases are written once and reused as often as needed against different targets.


Download & Install

  $ git clone https://github.com/NozakiLabs/nozaki && cd nozaki
  $ cpan install Find::Lib JSON YAML::Tiny Mojo::UserAgent # or cpanm --installdeps .

How to use

$ perl nozaki.pl

Nozaki v0.2.6
Core Commands
==============
    Command           Description
    -------           -----------
    -A, --accept      Define a custom 'Accept' header
    -T, --tasks       The number of threads to run in parallel
    -H, --header      Define a custom header (header=value)
    -m, --method      Define HTTP methods to use during fuzzing, separeted by ","
    -u, --url         Define a target
    -w, --wordlist    Define wordlist of paths
    -d, --delay       Define seconds of delay between requests
    -a, --agent       Define a custom User Agent
    -r, --return      Set a filter based on HTTP Response Code
    -e, --exclude     Exclude a specific result based on HTTP Response Code
    -t, --timeout     Define the timeout, default is 10s
    -p, --payload     Send a custom data
    -j, --json        Display the results in JSON format
    -W, --workflow    Pass a YML file with a fuzzing workflow
    -S, --skip-ssl    Ignore SSL verification
    -l, --length      Filter by content response length
    -h, --help        See this screen

Basic examples

# Content Discovery: finding pages with 200 response code for the GET method
$ perl nozaki.pl --method GET --url https://nozaki.io/ --return 200 --wordlist /path/to/wordlist.txt

Code: 200 | URL: https://nozaki.io/CNAME | Method: GET | Response: OK | Length: null
Code: 200 | URL: https://nozaki.io/index | Method: GET | Response: OK | Length: 6335
Code: 200 | URL: https://nozaki.io/index.html | Method: GET | Response: OK | Length: 6335
Code: 200 | URL: https://nozaki.io//README.md | Method: GET | Response: OK | Length: 3950
# Discover the HTTP methods supported by the application, using a custom wordlist and an auth token
$ perl nozaki.pl -u http://lab.nozaki.io:8081 -e 404,400,405 -w ~/path/to/wordlist.txt -H "X-Auth-Token=da1b16b40fe719cb73c7a19e2b6fa9c7" -H "Content-type=application/json"

Code: 200 | URL: http://lab.nozaki.io:8081/ | Method: GET | Response: OK | Length: 85
Code: 200 | URL: http://lab.nozaki.io:8081/ | Method: HEAD | Response: OK | Length: 85
Code: 200 | URL: http://lab.nozaki.io:8081/tokens | Method: GET | Response: OK | Length: 246
Code: 500 | URL: http://lab.nozaki.io:8081/tokens | Method: POST | Response: Internal Server Error | Length: 1469
Code: 200 | URL: http://lab.nozaki.io:8081/user/6 | Method: GET | Response: OK | Length: 72
Code: 200 | URL: http://lab.nozaki.io:8081/tokens | Method: HEAD | Response: OK | Length: 246
Code: 200 | URL: http://lab.nozaki.io:8081/uptime | Method: GET | Response: OK | Length: 129
Code: 200 | URL: http://lab.nozaki.io:8081/user/6 | Method: HEAD | Response: OK | Length: 72
Code: 200 | URL: http://lab.nozaki.io:8081/uptime | Method: HEAD | Response: OK | Length: 129
# Using a YAML workflow for "complex" fuzzing test cases
rules:
  - description: Find valid paths based on CMS directories
    method: GET
    wordlist: wordlists/technologies/cmsmap.txt
    return: 200
  - description: Find valid paths based on Wordpress
    method: GET
    wordlist: wordlists/technologies/wordpress.txt
    return: 200
  - description: Find valid paths based on Drupal
    method: GET
    wordlist: wordlists/technologies/drupal.txt
    return: 200
$ perl nozaki.pl -u http://lab.nozaki.io:31337/ -W /path/to/workflows/cms.yml

Code: 200 | URL: http://lab.nozaki.io:31337/wp-content/plugins/easy-wp-smtp/ | Method: GET | Response: OK | Length: null
Code: 200 | URL: http://lab.nozaki.io:31337/wp-json/wp/v2/users/ | Method: GET | Response: OK | Length: null
Code: 200 | URL: http://lab.nozaki.io:31337/wp-config.php | Method: GET | Response: OK | Length: null
Code: 200 | URL: http://lab.nozaki.io:31337/wp-content/backup-db/ | Method: GET | Response: OK | Length: null
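As an added example that is not part of nozaki or its README, the Perl script below loads a workflow file in the shape shown above, validates every rule, and expands it into a dry-run request plan without sending anything. The rule keys (description, method, wordlist, return) are taken from the README example; treating method and return as comma-separated lists like the -m and -r flags, and resolving wordlist paths relative to the workflow file, are assumptions about the real loader.

```perl
#!/usr/bin/env perl
# Added example, not nozaki's own code: load a workflow YAML in the shape
# shown above, validate every rule and expand it into a dry-run request plan.
use strict;
use warnings;
use YAML::Tiny;
use File::Basename qw(dirname);
use File::Spec;
my %ALLOWED = map { $_ => 1 } qw(GET HEAD POST PUT PATCH DELETE OPTIONS);

sub load_workflow {
    my ($path) = @_;
    my $doc = YAML::Tiny->read($path) or die "cannot read $path: " . YAML::Tiny->errstr . "\n";
    my $rules = $doc->[0]{rules};
    die "$path: top-level 'rules' must be a list\n" unless ref $rules eq 'ARRAY';
    my @plan;
    for my $i (0 .. $#$rules) {
        my $r = $rules->[$i];
        for my $key (qw(method wordlist)) {
            die "rule $i: missing '$key'\n" unless defined $r->{$key};
        }
        # 'method' may be a comma-separated list, like the -m flag (assumption)
        my @methods = map { uc($_) } split /\s*,\s*/, $r->{method};
        for (@methods) { die "rule $i: unknown HTTP method '$_'\n" unless $ALLOWED{$_} }
        # wordlist paths are resolved relative to the workflow file, not the cwd (assumption)
        my $wl = File::Spec->rel2abs($r->{wordlist}, dirname($path));
        die "rule $i: wordlist '$wl' is not readable\n" unless -r $wl;
        # 'return' may be one code or a comma list (like -r); absent means "any"
        my @codes = defined $r->{return} ? split(/\s*,\s*/, $r->{return}) : ();
        for (@codes) { die "rule $i: bad status code '$_'\n" unless /^\d{3}$/ }
        open my $fh, '<', $wl or die "open $wl: $!\n";
        my %seen;
        while (my $p = <$fh>) {
            chomp $p;
            next if $p eq '' || $p =~ /^#/;    # skip blank and comment lines
            for my $m (@methods) {
                next if $seen{"$m $p"}++;       # drop duplicate method/path pairs
                push @plan, { method => $m, path => $p, return => [@codes],
                              description => $r->{description} // '' };
            }
        }
        close $fh;
    }
    return \@plan;
}
# Dry run: print the plan instead of sending requests.
for my $job (@{ load_workflow($ARGV[0] // 'cms.yml') }) {
    my $expect = @{ $job->{return} } ? join(',', @{ $job->{return} }) : 'any';
    printf "%-6s %-40s expect=%s\n", $job->{method}, $job->{path}, $expect;
}
```

Run it as `perl plan.pl /path/to/workflows/cms.yml`; a malformed rule or a missing wordlist aborts before any request would be built, which is the check worth running on a workflow before handing it to the fuzzer.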

Contribution


License
