hackingyseguridad/fuzzer
GitHub: hackingyseguridad/fuzzer
A dictionary-based HTTP fuzzing tool for discovering hidden files and directories on websites.
```
███████╗██╗ ██╗███████╗███████╗███████╗██████╗
██╔════╝██║ ██║╚══███╔╝╚══███╔╝██╔════╝██╔══██╗
█████╗ ██║ ██║ ███╔╝ ███╔╝ █████╗ ██████╔╝
██╔══╝ ██║ ██║ ███╔╝ ███╔╝ ██╔══╝ ██╔══██╗
██║ ╚██████╔╝███████╗███████╗███████╗██║ ██║
╚═╝ ╚═════╝ ╚══════╝╚══════╝╚══════╝╚═╝ ╚═╝
```
## HTTP and HTTPS fuzzer
A fuzzer that discovers files and folders by testing path combinations against a web server, using a dictionary of common words. It finds interesting files under a website URL based on the responses:
```
HTTP/1.1 200 OK..
HTTP/1.1 403 OK
HTTP/1.1 500 OK
```
### Installation:
```
git clone https://github.com/hackingyseguridad/fuzzer
cd fuzzer
chmod 777 *
sh generacert.sh
```
Usage:
```
# sh fuzzer.sh URL
```
### HTTP response codes:
### 403 Forbidden - Bypass
- Bash shell scripts to test for gaps in forbidden folders that return a 403 Forbidden error, using X- headers or by simulating the IP of the host itself or of localhost, e.g.:

Localhost X- headers:
```
Client-IP: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For: localhost
Forwarded: 127.0.0.1
Forwarded: localhost
True-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forward: 127.0.0.1
X-Forward: localhost
X-Forwarded-By: 127.0.0.1
X-Forwarded-By: localhost
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For-Original: localhost
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: localhost
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Server: localhost
X-Forwarded: 127.0.0.1
X-Forwarded: localhost
X-Forwared-Host: 127.0.0.1
X-Forwared-Host: localhost
X-Host: 127.0.0.1
X-Host: localhost
X-HTTP-Host-Override: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-Addr: localhost
X-Remote-IP: 127.0.0.1
```
# http://www.hackingyseguridad.com/
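
On the server side, the headers above only matter when an application takes the client address from a request header without checking who sent it. The following is an added example, not code from the fuzzer repository: it derives the client IP only from hops appended by trusted proxies and flags loopback claims from untrusted peers. The proxy range, function names and sample addresses are assumptions.

```python
import ipaddress

# Assumption: only our own reverse proxies (constructed range) may set
# forwarding headers; every other peer's headers are attacker-controlled.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

# Client-IP style headers taken from the list above, lower-cased.
IP_HEADERS = {"client-ip", "true-client-ip", "x-client-ip", "x-real-ip",
              "x-forwarded-for", "x-originating-ip", "x-remote-addr",
              "x-remote-ip", "x-custom-ip-authorization", "forwarded"}
LOOPBACK_CLAIMS = {"127.0.0.1", "::1", "localhost"}


def is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer, headers):
    """Address to use for access control; headers has lower-cased keys."""
    if not is_trusted_proxy(peer):
        return peer  # ignore every forwarding header from untrusted peers
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    # Walk right to left: the rightmost entries were appended by our proxies,
    # anything further left was supplied by the client and is not trusted.
    for hop in reversed([h for h in hops if h]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed hop such as "localhost"
        if ip.is_loopback:
            return peer  # loopback never arrives over the network
        if not is_trusted_proxy(hop):
            return str(ip)
    return peer


def spoof_indicators(peer, headers):
    """Names of headers from an untrusted peer that claim to be loopback."""
    if is_trusted_proxy(peer):
        return []
    return sorted(name for name, value in headers.items()
                  if name in IP_HEADERS
                  and value.strip().lower() in LOOPBACK_CLAIMS)
```

Access rules should be evaluated against the value returned by `client_ip`, and any non-empty result from `spoof_indicators` is worth logging alongside the 403 response.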