
Web fuzzer finding differences based on response diffing

Project description

Diffuzz

A fuzzer finding vulnerabilities based on response diffing

Disclaimers

  • This is considered to be a beta release, and may contain bugs and unintentional behavior. Consider yourself warned!

Requirements

Diffuzz requires HTTPDiff and HTTPInsert, which can be installed with python3 -m pip install httpdiff httpinsert or python3 -m pip install -r requirements.txt.

Why

Why create another fuzzer when so many already exist?

Most (not all) fuzzing tools rely on hardcoded values or regexes to tell responses apart. In many cases this is simply not good enough. This tool is made to minimize false negatives and to find vulnerabilities that are easily overlooked when relying on hardcoded values, regexes, or even manual testing. Some tools do provide advanced filtering, but that is still not enough to discover minor deviations in responses.

Diffuzz uses HTTPDiff to analyze all sections of the responses; the status code, reason, headers, body, response times, errors, etc. This allows the fuzzer to find minor deviations in behavior, which may be a vulnerability or perhaps some noteworthy behavior.
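To make the calibrate-then-diff idea concrete, here is a small, self-contained Python example written for this page. It is not Diffuzz's own code and does not use the httpdiff or httpinsert packages (their APIs are not shown here); the calibration rules, the section names in the report, and the sample responses are all constructed assumptions. It shows why learning what is stable across several benign responses catches a one-line body change, a slow response, or a changed status that a hardcoded string or regex would miss, while not flagging per-request noise such as CSRF tokens and Date headers.

```python
# Added example (not Diffuzz's own code): a minimal response-diffing engine.
# The real tool delegates this to the httpdiff package, whose API is not shown
# on this page, so everything below is a hypothetical re-implementation.
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional


@dataclass
class Response:
    """One captured HTTP response, reduced to the sections that get compared."""
    status: int
    reason: str
    headers: dict
    body: str
    elapsed_ms: float
    error: Optional[str] = None  # e.g. "timeout" or "connection reset"


def calibrate(samples, time_floor_ms=250.0):
    """Learn what is stable across several responses to the same benign request.

    Whatever varies between calibration responses (CSRF tokens, Date headers,
    request ids) is noise and must never be reported as a diff later.
    """
    if len(samples) < 2:
        raise ValueError("need at least two calibration responses")
    bodies = [r.body.splitlines() for r in samples]
    stable_lines = set.intersection(*(set(b) for b in bodies))
    headers = [{k.lower(): v for k, v in r.headers.items()} for r in samples]
    always_present = set.intersection(*(set(h) for h in headers))
    times = [r.elapsed_ms for r in samples]
    return {
        "status": {r.status for r in samples},
        "reason": {r.reason for r in samples},
        "errors": {r.error for r in samples},
        "known_headers": set.union(*(set(h) for h in headers)),
        # headers whose value never changed during calibration
        "stable_headers": {n: headers[0][n] for n in always_present
                           if len({h[n] for h in headers}) == 1},
        "stable_lines": stable_lines,
        # how many volatile (non-stable) body lines a normal response carries
        "max_volatile": max(sum(l not in stable_lines for l in b) for b in bodies),
        # time_floor_ms is a constructed choice so tiny jitter is not flagged
        "slow_ms": mean(times) + max(3 * pstdev(times), time_floor_ms),
    }


def diff(baseline, candidate):
    """Compare one fuzzed response against the baseline; return only deviations."""
    found = {}
    if candidate.status not in baseline["status"]:
        found["status"] = candidate.status
    if candidate.reason not in baseline["reason"]:
        found["reason"] = candidate.reason
    if candidate.error not in baseline["errors"]:
        found["error"] = candidate.error
    hdrs = {k.lower(): v for k, v in candidate.headers.items()}
    changed = {n: hdrs.get(n) for n, v in baseline["stable_headers"].items()
               if hdrs.get(n) != v}
    changed.update({n: v for n, v in hdrs.items() if n not in baseline["known_headers"]})
    if changed:
        found["headers"] = changed
    lines = candidate.body.splitlines()
    unknown = sum(l not in baseline["stable_lines"] for l in lines)
    removed = len(baseline["stable_lines"] - set(lines))
    added = max(0, unknown - baseline["max_volatile"])  # beyond the usual noise
    if added or removed:
        found["body"] = {"added": added, "removed": removed}
    if candidate.elapsed_ms > baseline["slow_ms"]:
        found["time"] = candidate.elapsed_ms
    return found


# --- constructed sample traffic (no real host involved) ---------------------
def _page(token, extra=""):
    return ("<html><body>\n<h1>Search</h1>\n"
            f"<input name='csrf' value='{token}'>\n<p>0 results</p>\n"
            f"{extra}</body></html>")


def _resp(token, date, ms, extra="", status=200, reason="OK", body=None):
    headers = {"Date": date, "Content-Type": "text/html"}
    return Response(status, reason, headers, body or _page(token, extra), ms)


CALIBRATION = [
    _resp("a1f0", "Mon, 01 Jan 2024 10:00:00 GMT", 100.0),
    _resp("b2e1", "Mon, 01 Jan 2024 10:00:01 GMT", 120.0),
    _resp("c3d2", "Mon, 01 Jan 2024 10:00:02 GMT", 110.0),
]


def demo():
    base = calibrate(CALIBRATION)
    return {
        # fresh token and Date only: a regex on the token line would cry wolf
        "benign": diff(base, _resp("d4c3", "Mon, 01 Jan 2024 10:01:00 GMT", 115.0)),
        # one extra line that a hardcoded "0 results" check would never notice
        "extra_line": diff(base, _resp("e5b4", "Mon, 01 Jan 2024 10:01:01 GMT", 118.0,
                                       extra="<p>Welcome back, admin</p>\n")),
        "slow": diff(base, _resp("f6a5", "Mon, 01 Jan 2024 10:01:02 GMT", 5100.0)),
        "error": diff(base, _resp("", "Mon, 01 Jan 2024 10:01:03 GMT", 90.0,
                                  status=500, reason="Internal Server Error",
                                  body="<html><body>\n<h1>Error</h1>\n</body></html>")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:11s} {result or 'no diff'}")
```

The body comparison deliberately counts lines rather than matching exact text, so a per-request token line is tolerated (it was volatile during calibration) while any line beyond that expected noise, or any stable line that disappears, is reported. The timing threshold uses a floor on top of three standard deviations so that near-constant calibration timings do not turn ordinary jitter into findings.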

Usage

$ diffuzz -u https://example.site/endpoint?param=value -w wordlists/sqli.txt
[INFO] Found diff
Insertion point: <InsertionPoint location=Query location_key=query key=param value=value>
Payload1: dwzajSOliSlhKyVELLvyRVL' or '3680'='3680' or '3680'='1675
Payload2: gHjaKhZVperxCVRRXIpSsiDDv' or '7934'='5698' or '7934'='5698
diffs: {'body': [25, 0]}

Help

usage: diffuzz [-h] (--url URL | --request REQUEST) --wordlist WORDLIST [--method METHOD] [--header HEADER [HEADER ...]] [--body BODY] [--https] [--proxy PROXY] [--threads THREADS]
               [--allow-redirects] [--verify] [--disable-encoding] [--verbose] [--debug] [--scan-query] [--scan-path] [--scan-headers] [--scan-body] [--scan-type SCAN_TYPE]
               [--sleep SLEEP] [--calibration-sleep CALIBRATION_SLEEP] [--timeout TIMEOUT] [--ignore-errors] [--no-analyze-all] [--num-calibrations NUM_CALIBRATIONS]
               [--num-verifications NUM_VERIFICATIONS] [--word WORD]

An awesome web fuzzer

options:
  -h, --help            show this help message and exit
  --wordlist WORDLIST, -w WORDLIST
                        Specify wordlist to use

target:
  --url URL, -u URL
  --request REQUEST, --req REQUEST, -r REQUEST
                        Specify a file containing a raw request for scanning

request:
  --method METHOD, -m METHOD
  --header HEADER [HEADER ...]
  --body BODY, -b BODY  Specify content to be in the body of the request
  --https, --tls
  --proxy PROXY, -p PROXY
  --threads THREADS, -t THREADS
  --allow-redirects, -ar
                        Specify if requests should follow redirects
  --verify              Verify SSL certificates
  --disable-encoding    Disable default encoding of payloads

verbosisty:
  --verbose, -v
  --debug, -d

scan:
  --scan-query
  --scan-path
  --scan-headers
  --scan-body
  --scan-type SCAN_TYPE
                        Specify which type of scan to perform (Sniper, DualSniper, PitchFork, DualPitchFork, ClusterBomb, DualClusterBomb, BatteringRam, DualBatterinRam)
  --sleep SLEEP, -s SLEEP
                        Determines how long (ms) the scanner should sleep between each request during scan
  --calibration-sleep CALIBRATION_SLEEP, -cs CALIBRATION_SLEEP
                        Determines how long (ms) the scanner should sleep between each request while calibrating
  --timeout TIMEOUT     Determines the timeout duration (s) for each request
  --ignore-errors, -ie  Ignore errors if any errors occurs during calibration

analyzer:
  --no-analyze-all      Make analyzer skip analyzing the body if the content length is static
  --num-calibrations NUM_CALIBRATIONS
                        Specify how many requests should be sent during calibration
  --num-verifications NUM_VERIFICATIONS
                        Specify how many times an endpoint should be verified/re-tested
  --word WORD           Specify a specific word to search for in responses

Source Distribution

diffuzz-2.0.0.tar.gz (10.5 kB)

File details

Details for the file diffuzz-2.0.0.tar.gz.

File metadata

  • Download URL: diffuzz-2.0.0.tar.gz
  • Upload date:
  • Size: 10.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.3

File hashes

Hashes for diffuzz-2.0.0.tar.gz

Algorithm    Hash digest
SHA256       caef2eea7c3a03389f6343e64bb20dc6521387459ca8cfc2f3d09b9ba96569d7
MD5          d076a10b2266e1a89ab088b404b1485f
BLAKE2b-256  86f21a81ed55aaae4f32475282f11cfe7799e4d29f1af8ee4d67f90cc63dae8a
