| | ffuf | community |
|---|---|---|
| | 17 | 1 |
| Stars | 11,264 | 2,728 |
| Growth | 3.6% | 1.1% |
| Activity | 6.1 | 9.4 |
| | 1 day ago | 3 days ago |
| Language | Go | Go |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ffuf
- Show HN: Pfuzz, a web fuzzer following the Unix philosophy
It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different requests using wordlists, without adding any mutations. For example, the two popular web fuzzers ffuf [1] and wfuzz [2] also call themselves fuzzers.
I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.
You can use radamsa [1] to create mutations for JSON payloads. There's an example using it with ffuf here: https://github.com/ffuf/ffuf?tab=readme-ov-file#using-extern...
- The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
FFUF
- Pentesting Tools I Use Everyday
Learn more about ffuf here: https://github.com/ffuf/ffuf
- Tips on enumerating unknown APIs in my environment?
Also, I see you mentioned using curl. You can check out ffuf, which is closely related but more geared towards what you're doing.
- Fastest webpath scanner out here?
- Brute forcing a website link
Custom word list with ffuf. https://github.com/ffuf/ffuf.
So ffuf (https://github.com/ffuf/ffuf) or wfuzz (https://github.com/xmendez/wfuzz) are a better choice to enumerate GET/POST parameters/values.
- Do not leave your Radarr instance public
- Here's my quick tutorial on using Dirbuster! Enjoy!
Dirbuster always bugs for me, I can't change anything after starting an attack without getting the entire GUI messed up. I recommend trying out ffuf or feroxbuster.
community
- Gopher Gold #10 - Wed Sep 09 2020
istio/community (Go): Istio governance material.
What are some alternatives?
gobuster - Directory/File, DNS and VHost busting tool written in Go
feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
go-sql-driver/mysql - Go MySQL Driver is a MySQL driver for Go's (golang) database/sql package
go - The Go programming language
ksubdomain - Stateless subdomain brute-forcing tool
argo-cd - Declarative Continuous Deployment for Kubernetes
bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
go-ethereum - Official Go implementation of the Ethereum protocol
algorithm-pattern - Algorithm templates: the most scientific way to practice problems and the fastest path through them, you deserve it~
dirsearch - Web path scanner
prometheus - The Prometheus monitoring system and time series database.