FUZZmap is a web application vulnerability fuzzing tool designed to detect security flaws. It identifies web application vulnerabilities through automated parameter Reconnaissance and advanced payload testing.
Project description
FUZZmap
Web Application Vulnerability Fuzzing Tool
Current version: 0.1 (SQL Injection)
FUZZmap is a web application vulnerability fuzzing tool designed to detect security flaws. It identifies web application vulnerabilities through automated parameter Reconnaissance and advanced payload testing.
💻 FUZZmap Developers
✨ Features
- Parameter Reconnaissance
- Common Payload Testing
- Advanced Payload Testing
- SQL Injection Detection - Advanced analysis including error-based, time-based, and boolean-based techniques (v0.1)
- XSS Detection - (Advanced analysis coming in v0.2)
- SSTI Detection - (Advanced analysis coming in v0.3)
- Asynchronous Architecture - Utilizes
asyncioand semaphores for optimized concurrent testing - Expandable Framework - Designed for easy addition of new vulnerability types in future versions
📋 Installation
Using pip
# Installation
pip install fuzzmap
From GitHub
# Git clone
git clone https://github.com/offensive-tooling/FUZZmap.git
cd fuzzmap
# Installation
pip install -e .
🚀 Usage
Command Line Usage
# Test specific parameter
fuzzmap -t <target_url> -m get -p <target_parameter>
# Test multiple parameters
fuzzmap -t <target_url> -m get -p <target_parameter 1>,<target_parameter 2>
# Use POST method
fuzzmap -t <target_url> -m post -p <target_parameter>
# Test with Parameter Reconnaissance
fuzzmap -t <target_url> -rp
Python Module Usage
import asyncio
from fuzzmap import Controller
async def main():
# Test with specific parameters
fm = Controller(target="http://target.com", method="GET", param=["target_parameter"])
results = await fm.async_run()
print(results)
# Test with Parameter Reconnaissance
fm = Controller(target="http://target.com", recon_param=True)
results = await fm.async_run()
print(results)
asyncio.run(main())
🛠️ How It Works
FuzzMap operates in four main phases:
-
Parameter Reconnaissance: Automatically identifies parameters through:
- URL query extraction
- Form field analysis (inputs, selects, textareas)
- Form action paths and methods
- (JavaScript hidden parameters - release later)
- (Dynamic parameter collection module - release later)
-
Common Payload Testing: Tests various vulnerabilities with common payloads:
- SQL Injection
- XSS (Cross Site Scripting)
- SSTI (Server Side Template Injection)
- (More types to be continuously added)
-
Advanced Payload Testing (Currently for SQL Injection only):
- SQL Injection (error-based, time-based, boolean-based)
- (XSS payloads and features coming in v0.2)
- (SSTI payloads and features coming in v0.3)
-
Result Classification: Categorize findings as follows:
- Vulnerability type and subtype
- Detection confidence scoring (0-100%)
- Detection details and evidence
📊 Example Output
handler: common, advanced
🎯 url: http://target.com/
parameters: ['test', 'searchFor']
method: GET
Type: xss
💰 Detected: True
Common_payload: '"><iframe onload=alert('{{1234**3}}');>
Common_Confidence: 50
🔍 Detail_Vuln: Error-Based SQL Injection
Advanced_payload: ' UNION SELECT NULL-- -
Advanced_Confidence: 100
Context: ECT NULL-- -</h2>Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
------------------------------------------------------------------
handler: common, advanced
🎯 url: http://target.com/
parameters: ['test', 'searchFor']
method: GET
Type: sql_injection
💰 Detected: True
Common_payload: ' || BEGIN DBMS_SESSION.SLEEP(5); END; --
Common_Confidence: 70
🔍 Detail_Vuln: Error-Based SQL Injection
Advanced_payload: ' UNION SELECT NULL-- -
Advanced_Confidence: 100
Context: ECT NULL-- -</h2>Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
⚙️ Command Line Options
-t, --target 🎯 Target URL to scan
-m, --method 📡 HTTP method (GET/POST)
-p, --param 🔍 Parameters to test (comma separated)
-rp, --recon 🔎 Enable parameter reconnaissance
-v, --verbose 📝 Enable verbose output
-h, --help ℹ️ Show help message
📝 Translations
🔔 Disclaimer
FUZZmap is designed for legitimate security testing with proper authorization. Always ensure you have permission before testing any website or application.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fuzzmap-0.1.0.tar.gz.
File metadata
- Download URL: fuzzmap-0.1.0.tar.gz
- Upload date:
- Size: 138.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.13.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dd2c8bb371b0c5da1a5a58100801f79c010568d8ca1a307da74e17a4f696410a
|
|
| MD5 |
fba16eade7123e988a612e1332a0239e
|
|
| BLAKE2b-256 |
09a8a23ddcb3f9499f2eda50cbe185421146404866d8e9491d012585c4f12520
|
File details
Details for the file fuzzmap-0.1.0-py3-none-any.whl.
File metadata
- Download URL: fuzzmap-0.1.0-py3-none-any.whl
- Upload date:
- Size: 147.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.13.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1279b090d615b757c77c5a1b30a7203e5830a37381a46bc053eeae3978afa03a
|
|
| MD5 |
21eda761d580622f81209da7e7728266
|
|
| BLAKE2b-256 |
3656f1cc9a998b99d03ac9277b234efffcdd3b226511bf2f9e8c4493e443b045
|
