gau
ffuf
| gau | ffuf | |
|---|---|---|
| 6 | 17 | |
| 3,566 | 11,486 | |
| - | 1.9% | |
| 6.0 | 5.7 | |
| 25 days ago | about 1 month ago | |
| Go | Go | |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gau
-
Pentesting Tools I Use Everyday
Learn more about gau here: https://github.com/lc/gau
- Please Help
- 2 open source tools to find subdomains (ft. HakLuke)
-
What should I look for when checking wayback urls when performing recon and analysis?
I see people use tools like gau and waybackurls when doing recon and analysis before a web app pentest, I am a complete beginner and most tutorials just explain how to install these tools but not why we want to use them or where we want to get using them.
-
How to search URLs exposed by Shortener services
Great :) Would be a great addition to tools like gau or waybackurls for people with an API key!
- Google pics and videos of hot ebony wife
ffuf
-
Show HN: Pfuzz, a web fuzzer following the Unix philosophy
It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different request using wordlists, without adding any mutations. For example, the two popular web fuzzers ffuf [1] and wfuzz [2] also call themselves fuzzers.
I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.
[1] https://github.com/ffuf/ffuf
[2] https://wfuzz.readthedocs.io/en/latest/
- Fast web fuzzer written in Go
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
FFUF
-
Directory Discovery Tools
I've been using ffuf happily for the past couple of years however I remember seeing a post on reddit/twitter about a new "intelligent" discovery tool.
-
Pentesting Tools I Use Everyday
Learn more about ffuf here: https://github.com/ffuf/ffuf
-
Tips on enumerating unknown APIs in my environment?
Also, I see you mentioned using curl. You can checkout ffuf which is closely related but more geared towards what you're doing.
- Fastest webpath scanner out here?
-
Posodobitev orodja ffuf
git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build
- ffuf - Fuzz Faster U Fool
-
Brute forcing a website link
So ffuf (https://github.com/ffuf/ffuf) or wfuzz (https://github.com/xmendez/wfuzz) are a better choice to enumerate GET/POST parameters/values.
What are some alternatives?
waybackurls - Fetch all the URLs that the Wayback Machine knows about for a domain
gobuster - Directory/File, DNS and VHost busting tool written in Go
hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
goo.gl_abuse
nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
xurlfind3r - A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
go-sql-driver/mysql - Go MySQL Driver is a MySQL driver for Go's (golang) database/sql package
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
go - The Go programming language
john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
ksubdomain - 无状态子域名爆破工具