hackingyseguridad/fuzzer
GitHub: hackingyseguridad/fuzzer
一个基于字典的 HTTP 模糊测试工具,用于发现 Web 站点中的隐藏文件和目录。
Stars: 0 | Forks: 3
```
███████╗██╗ ██╗███████╗███████╗███████╗██████╗
██╔════╝██║ ██║╚══███╔╝╚══███╔╝██╔════╝██╔══██╗
█████╗ ██║ ██║ ███╔╝ ███╔╝ █████╗ ██████╔╝
██╔══╝ ██║ ██║ ███╔╝ ███╔╝ ██╔══╝ ██╔══██╗
██║ ╚██████╔╝███████╗███████╗███████╗██║ ██║
╚═╝ ╚═════╝ ╚══════╝╚══════╝╚══════╝╚═╝ ╚═╝
```
## fuzzer http 与 https
fuzzer 用于发现文件/文件夹,它通过使用常见词汇的字典,在 Web 服务器上尝试路径组合来寻找潜在目标。通过以下响应来发现网站 URL 中有价值的文件:
HTTP/1.1 200 OK..
HTTP/1.1 403 OK
HTTP/1.1 500 OK
### 安装:
git clone https://github.com/hackingyseguridad/fuzzer
cd fuzzer
chmod 777 *
sh generacert.sh
使用方法.:
#sh fuzzer.sh URL
### HTTP 响应状态码:
### 403 Forbidden - 绕过
- Bash Shell 脚本,用于测试对禁止访问目录的绕过,这些目录会返回 403 Forbidden 错误!通过添加 X Header 或伪装成 host 本身或 localhost 的 IP,例如:
localhost 的 X Header:
Client-IP: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For: localhost
Forwarded: 127.0.0.1
Forwarded: localhost
True-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forward: 127.0.0.1
X-Forward: localhost
X-Forwarded-By: 127.0.0.1
X-Forwarded-By: localhost
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For-Original: localhost
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: localhost
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Server: localhost
X-Forwarded: 127.0.0.1
X-Forwarded: localhost
X-Forwared-Host: 127.0.0.1
X-Forwared-Host: localhost
X-Host: 127.0.0.1
X-Host: localhost
X-HTTP-Host-Override: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-Addr: localhost
X-Remote-IP: 127.0.0.1
# http://www.hackingyseguridad.com/
#
### 403 Forbidden - 绕过
- Bash Shell 脚本,用于测试对禁止访问目录的绕过,这些目录会返回 403 Forbidden 错误!通过添加 X Header 或伪装成 host 本身或 localhost 的 IP,例如:
localhost 的 X Header:
Client-IP: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For: localhost
Forwarded: 127.0.0.1
Forwarded: localhost
True-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forward: 127.0.0.1
X-Forward: localhost
X-Forwarded-By: 127.0.0.1
X-Forwarded-By: localhost
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For-Original: localhost
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: localhost
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Server: localhost
X-Forwarded: 127.0.0.1
X-Forwarded: localhost
X-Forwared-Host: 127.0.0.1
X-Forwared-Host: localhost
X-Host: 127.0.0.1
X-Host: localhost
X-HTTP-Host-Override: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-Addr: localhost
X-Remote-IP: 127.0.0.1
# http://www.hackingyseguridad.com/
#标签:Bash脚本, CISA项目, HTTP模糊测试, Web安全, 大数据, 安全工具, 渗透测试, 目录扫描, 蓝队分析