Awesome
Tiny URL Fuzzer
A tiny and cute URL fuzzer in my talk of Black Hat USA 2017 and DEFCON 25.
Slides:
Case Study:
How to use?
All the code are written for hackers, and under PoC. Read the source! Some URL samples you can check samples.txt
Install / Restore
$ run_me.py install
$ run_me.py restore
Try
$ try.py http://127.0.0.1
Go.net/url scheme=http, host=127.0.0.1, port=
Java.net.URL scheme=http, host=127.0.0.1, port=-1
NodeJS.url scheme=http, host=127.0.0.1, port=
PHP.parseurl scheme=http, host=127.0.0.1, port=
Perl.URI scheme=http, host=127.0.0.1, port=80
Python.urlparse scheme=http, host=127.0.0.1, port=
Ruby.addressable/uri scheme=http, host=127.0.0.1, port=
Ruby.uri scheme=http, host=127.0.0.1, port=80
Go.net/http 127.0.0.1:80/
Java.URL 127.0.0.1:80/
NodeJS.http 127.0.0.1:80/
PHP.curl 127.0.0.1:80/
PHP.open 127.0.0.1:80/
Perl.LWP 127.0.0.1:80/
Python.httplib 127.0.0.1:80/
Python.requests 127.0.0.1:80/
Python.urllib 127.0.0.1:80/
Python.urllib2 127.0.0.1:80/
Ruby.Net/HTTP 127.0.0.1:80/
Ruby.open_uri 127.0.0.1:80/
Fuzz
$ fuzz.py