ffuf
nuclei
Our great sponsors
ffuf | nuclei | |
---|---|---|
17 | 17 | |
11,382 | 17,148 | |
2.6% | 3.2% | |
6.1 | 9.8 | |
16 days ago | 5 days ago | |
Go | Go | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ffuf
-
Show HN: Pfuzz, a web fuzzer following the Unix philosophy
It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different request using wordlists, without adding any mutations. For example, the two popular web fuzzers ffuf [1] and wfuzz [2] also call themselves fuzzers.
I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.
[1] https://github.com/ffuf/ffuf
[2] https://wfuzz.readthedocs.io/en/latest/
- Fast web fuzzer written in Go
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
FFUF
-
Directory Discovery Tools
I've been using ffuf happily for the past couple of years however I remember seeing a post on reddit/twitter about a new "intelligent" discovery tool.
-
Pentesting Tools I Use Everyday
Learn more about ffuf here: https://github.com/ffuf/ffuf
-
Tips on enumerating unknown APIs in my environment?
Also, I see you mentioned using curl. You can checkout ffuf which is closely related but more geared towards what you're doing.
- Fastest webpath scanner out here?
-
Posodobitev orodja ffuf
git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build
- ffuf - Fuzz Faster U Fool
-
Brute forcing a website link
So ffuf (https://github.com/ffuf/ffuf) or wfuzz (https://github.com/xmendez/wfuzz) are a better choice to enumerate GET/POST parameters/values.
nuclei
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
Nuclei
- Show HN: Oneleet β Penetration Testing for SoC 2 and beyond
-
Looking for short-term, resource intensive tasks to throw at a cloud server
If you own any web properties, you can use https://github.com/projectdiscovery/nuclei running in a beefy VM to scan them for vulnerabilities. It will scale to use all available resources if you give it a big box.
-
Pentesting Tools I Use Everyday
Learn more about nuclei here: https://nuclei.projectdiscovery.io/
-
How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei
Read about how I was able to find 136 Sub-domain Takeover vulnerabilities on a Single Target using the Nuclei tool πππClick Here - How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei
-
How to develope a Network Vuln Scanner
Iβd look at flan and nmap and nuclei for inspiration.
-
Thoughts on Vuln scanning public facing websites/hosts during an incident?
Had an idea to leverage the community vuln scanner Nuclei (https://nuclei.projectdiscovery.io/) to just run a quick scan against the public facing hostname/IP. The job isn't supposed to be "hey you're vulnerable to xyz, but to aid in the discovering initial access. I believe this would be considered "good faith" and you're not technically be doing anything nefarious, but wanted to get the communities thoughts on this.
- Nuclei β Community Powered Vulnerability Scanner
-
Log4J Network Scanning/Detection on a 100k+ Node Network
Check out Nuclei (https://github.com/projectdiscovery/nuclei)
What are some alternatives?
gobuster - Directory/File, DNS and VHost busting tool written in Go
jaeles - The Swiss Army knife for automated Web Application Testing
feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
ZAP - The ZAP core project
go-sql-driver/mysql - Go MySQL Driver is a MySQL driver for Go's (golang) database/sql package
SQLMap - Automatic SQL injection and database takeover tool
go - The Go programming language
RustScan - π€ The Modern Port Scanner π€
ksubdomain - ζ ηΆζεεεηη ΄ε·₯ε ·
osmedeus - A Workflow Engine for Offensive Security
argo-cd - Declarative Continuous Deployment for Kubernetes
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.