Skip to main content

Browser-based web fuzzer with ffuf-like UX, powered by undetected-chromedriver

Project description


██╗   ██╗ ██████╗███████╗██╗   ██╗███████╗███████╗
██║   ██║██╔════╝██╔════╝██║   ██║╚══███╔╝╚══███╔╝
██║   ██║██║     █████╗  ██║   ██║  ███╔╝   ███╔╝ 
██║   ██║██║     ██╔══╝  ██║   ██║ ███╔╝   ███╔╝  
╚██████╔╝╚██████╗██║     ╚██████╔╝███████╗███████╗
 ╚═════╝  ╚═════╝╚═╝      ╚═════╝ ╚══════╝╚══════╝

Browser-based web fuzzer. Bypasses WAFs, solves CAPTCHAs, looks like a real user.


PyPI version Python License PyPI downloads



🚀 Why UCFuzz?

Most fuzzers send raw HTTP requests. That works — until the target runs Cloudflare, has browser fingerprinting, requires a login session, or throws a CAPTCHA on suspicious traffic.

UCFuzz runs a real Chrome browser via undetected-chromedriver. Every request has a real TLS fingerprint, real browser headers, and real JavaScript execution. To the server, it looks like a human clicking links.

Feature Traditional Fuzzer UCFuzz
Engine Raw HTTP (requests/aiohttp) 🌐 Full Chrome Browser
WAF Evasion Blocked by Cloudflare / Akamai Naturally Bypasses
JS Support None (Static only) Full JS & SPA Handling

📦 Installation

Choose the method that fits your needs:

🐍 Via PyPI

Install the stable version instantly:

pip install ucfuzz

🛠️ Or from source:

git clone https://github.com/raceoverflow/ucfuzz
cd ucfuzz
pip install .

Quick start

ucfuzz -u https://target.com/FUZZ -w wordlist.txt

The browser opens. Log in, solve any CAPTCHA, then press Enter — UCFuzz takes over from there.


Usage

ucfuzz [OPTIONS]

Options:
  -u, --url TEXT              Target URL with FUZZ placeholder  [required]
  -w, --wordlist PATH         Path to wordlist  [required]
  -o, --output PATH           Save results as JSONL
  --delay TEXT                Delay between requests: 100ms, 1s, 2m  [default: 0s]
  --timeout FLOAT             Response timeout in seconds  [default: 10.0]
  --exclude-status INTEGER    Hide this status code (repeatable)  [default: 404]
  --exclude-length INTEGER    Hide this content length (repeatable)
  --extension TEXT            Append extension to every word: php, html, js
  --headless                  Run browser without a window
  --help                      Show this message and exit

Use cases

Discovery

Standard brute-force on a site protected by Cloudflare. UCFuzz navigates through the challenge automatically.

ucfuzz -u https://target.com/FUZZ -w raft-large-dirs.txt --delay 50ms

Slow, human-like scanning

Avoid rate-limiting and IDS alerts by mimicking realistic browsing speed.

ucfuzz -u https://target.com/FUZZ -w wordlist.txt --delay 2s --timeout 30

Output

Results print live to the terminal, colour-coded by status:

https://target.com/admin          (Status: 200) [Size: 4821]
https://target.com/backup.zip     (Status: 200) [Size: 204800]
https://target.com/config         (Status: 403) [Size: 312]
https://target.com/.env           (Status: 200) [Size: 89]

Save to JSONL with -o results.jsonl for further processing:

cat results.jsonl | jq 'select(.status_code == 200)'

Roadmap

Things coming next, roughly in priority order:

  • Parallel browser sessions — run N browsers simultaneously for faster scans without looking like a bot
  • Recursive mode — automatically fuzz newly discovered directories with specified recursion depth
  • Custom headers & cookies — inject Authorization, X-API-Key, or any arbitrary header per request
  • POST / PUT fuzzing — fuzz request bodies, not just URLs
  • Report export — generate HTML/Markdown reports from JSONL output
  • Smarter response handling - parse robots.txt, sitemap, ds_store and opendir responses
  • Save the state - save the state of scans in sqlite database
  • Web GUI - modern minimalistic web GUI based on FastAPI
  • More evasion - more evasion with random delay option in specified range
  • CAPTCHA indicator - indicate captcha by inclusion of specific markers to prevent it from wasting wordlist until solved
  • Optimization - add flags for disabling css and media loading
  • Survive network errors - keep going from the same place when stopped due to the network issues
  • AuthFlow support - make possible to record auth flow with seleniumbase recorder extension and use it to automate authentication

Have a feature request? Open an issue.


Legal

UCFuzz is intended for authorized security testing only. Only use it against systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ucfuzz-0.1.1.tar.gz (18.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ucfuzz-0.1.1-py3-none-any.whl (19.0 kB view details)

Uploaded Python 3

File details

Details for the file ucfuzz-0.1.1.tar.gz.

File metadata

  • Download URL: ucfuzz-0.1.1.tar.gz
  • Upload date:
  • Size: 18.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for ucfuzz-0.1.1.tar.gz
Algorithm Hash digest
SHA256 16930bf818f394344dc6e080b8916a215a80cce02662cfa75bfe45400f1a718c
MD5 cf44e3c67abb9a1c7777af7523d51966
BLAKE2b-256 01964ca8e8325b2465a412eaf9a04c9e3ef2d251bb196d2d11a989aa06b663be

See more details on using hashes here.

File details

Details for the file ucfuzz-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: ucfuzz-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 19.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for ucfuzz-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 1ab9d4168c5b32e6ef30c9a2cc617eaae019782104101026da16fb456f007134
MD5 213fdd98a5f7cf242b38c4dcde7e7d3d
BLAKE2b-256 4b368ad0857bf89ea6512320fc9eab775c68dbf227cc7661da35bed211c65776

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page