hackingyseguridad/fuzzer

GitHub: hackingyseguridad/fuzzer

一个基于字典的 HTTP 模糊测试工具,用于发现 Web 站点中的隐藏文件和目录。

Stars: 0 | Forks: 3

``` ███████╗██╗ ██╗███████╗███████╗███████╗██████╗ ██╔════╝██║ ██║╚══███╔╝╚══███╔╝██╔════╝██╔══██╗ █████╗ ██║ ██║ ███╔╝ ███╔╝ █████╗ ██████╔╝ ██╔══╝ ██║ ██║ ███╔╝ ███╔╝ ██╔══╝ ██╔══██╗ ██║ ╚██████╔╝███████╗███████╗███████╗██║ ██║ ╚═╝ ╚═════╝ ╚══════╝╚══════╝╚══════╝╚═╝ ╚═╝ ``` ## fuzzer http 与 https fuzzer 用于发现文件/文件夹,它通过使用常见词汇的字典,在 Web 服务器上尝试路径组合来寻找潜在目标。通过以下响应来发现网站 URL 中有价值的文件: HTTP/1.1 200 OK.. HTTP/1.1 403 OK HTTP/1.1 500 OK ### 安装: git clone https://github.com/hackingyseguridad/fuzzer cd fuzzer chmod 777 * sh generacert.sh 使用方法.: #sh fuzzer.sh URL ### HTTP 响应状态码: Codigos HTTP ### 403 Forbidden - 绕过 - Bash Shell 脚本,用于测试对禁止访问目录的绕过,这些目录会返回 403 Forbidden 错误!通过添加 X Header 或伪装成 host 本身或 localhost 的 IP,例如: localhost 的 X Header: Client-IP: 127.0.0.1 Forwarded-For-Ip: 127.0.0.1 Forwarded-For: 127.0.0.1 Forwarded-For: localhost Forwarded: 127.0.0.1 Forwarded: localhost True-Client-IP: 127.0.0.1 X-Client-IP: 127.0.0.1 X-Custom-IP-Authorization: 127.0.0.1 X-Forward-For: 127.0.0.1 X-Forward: 127.0.0.1 X-Forward: localhost X-Forwarded-By: 127.0.0.1 X-Forwarded-By: localhost X-Forwarded-For-Original: 127.0.0.1 X-Forwarded-For-Original: localhost X-Forwarded-For: 127.0.0.1 X-Forwarded-For: localhost X-Forwarded-Server: 127.0.0.1 X-Forwarded-Server: localhost X-Forwarded: 127.0.0.1 X-Forwarded: localhost X-Forwared-Host: 127.0.0.1 X-Forwared-Host: localhost X-Host: 127.0.0.1 X-Host: localhost X-HTTP-Host-Override: 127.0.0.1 X-Originating-IP: 127.0.0.1 X-Real-IP: 127.0.0.1 X-Remote-Addr: 127.0.0.1 X-Remote-Addr: localhost X-Remote-IP: 127.0.0.1 # http://www.hackingyseguridad.com/ #
标签:Bash脚本, CISA项目, HTTP模糊测试, Web安全, 大数据, 安全工具, 渗透测试, 目录扫描, 蓝队分析