Browser-based web fuzzer with ffuf-like UX, powered by undetected-chromedriver
Project description
██╗ ██╗ ██████╗███████╗██╗ ██╗███████╗███████╗ ██║ ██║██╔════╝██╔════╝██║ ██║╚══███╔╝╚══███╔╝ ██║ ██║██║ █████╗ ██║ ██║ ███╔╝ ███╔╝ ██║ ██║██║ ██╔══╝ ██║ ██║ ███╔╝ ███╔╝ ╚██████╔╝╚██████╗██║ ╚██████╔╝███████╗███████╗ ╚═════╝ ╚═════╝╚═╝ ╚═════╝ ╚══════╝╚══════╝
Browser-based web fuzzer. Bypasses WAFs, solves CAPTCHAs, looks like a real user.
🚀 Why UCFuzz?
Most fuzzers send raw HTTP requests. That works — until the target runs Cloudflare, has browser fingerprinting, requires a login session, or throws a CAPTCHA on suspicious traffic.
UCFuzz runs a real Chrome browser via undetected-chromedriver. Every request has a real TLS fingerprint, real browser headers, and real JavaScript execution. To the server, it looks like a human clicking links.
| Feature | Traditional Fuzzer | UCFuzz |
|---|---|---|
| Engine | Raw HTTP (requests/aiohttp) | 🌐 Full Chrome Browser |
| WAF Evasion | Blocked by Cloudflare / Akamai | ✅ Naturally Bypasses |
| JS Support | None (Static only) | ⚡ Full JS & SPA Handling |
📦 Installation
Choose the method that fits your needs:
🐍 Via PyPI
Install the stable version instantly:
pip install ucfuzz
🛠️ Or from source:
git clone https://github.com/raceoverflow/ucfuzz
cd ucfuzz
pip install .
Quick start
ucfuzz -u https://target.com/FUZZ -w wordlist.txt
The browser opens. Log in, solve any CAPTCHA, then press Enter — UCFuzz takes over from there.
Usage
ucfuzz [OPTIONS]
Options:
-u, --url TEXT Target URL with FUZZ placeholder [required]
-w, --wordlist PATH Path to wordlist [required]
-o, --output PATH Save results as JSONL
--delay TEXT Delay between requests: 100ms, 1s, 2m [default: 0s]
--timeout FLOAT Response timeout in seconds [default: 10.0]
--exclude-status INTEGER Hide this status code (repeatable) [default: 404]
--exclude-length INTEGER Hide this content length (repeatable)
--extension TEXT Append extension to every word: php, html, js
--headless Run browser without a window
--help Show this message and exit
Use cases
Discovery
Standard brute-force on a site protected by Cloudflare. UCFuzz navigates through the challenge automatically.
ucfuzz -u https://target.com/FUZZ -w raft-large-dirs.txt --delay 50ms
Slow, human-like scanning
Avoid rate-limiting and IDS alerts by mimicking realistic browsing speed.
ucfuzz -u https://target.com/FUZZ -w wordlist.txt --delay 2s --timeout 30
Output
Results print live to the terminal, colour-coded by status:
https://target.com/admin (Status: 200) [Size: 4821]
https://target.com/backup.zip (Status: 200) [Size: 204800]
https://target.com/config (Status: 403) [Size: 312]
https://target.com/.env (Status: 200) [Size: 89]
Save to JSONL with -o results.jsonl for further processing:
cat results.jsonl | jq 'select(.status_code == 200)'
Roadmap
Things coming next, roughly in priority order:
- Parallel browser sessions — run N browsers simultaneously for faster scans without looking like a bot
- Recursive mode — automatically fuzz newly discovered directories with specified recursion depth
- Custom headers & cookies — inject
Authorization,X-API-Key, or any arbitrary header per request - POST / PUT fuzzing — fuzz request bodies, not just URLs
- Report export — generate HTML/Markdown reports from JSONL output
- Smarter response handling - parse robots.txt, sitemap, ds_store and opendir responses
- Save the state - save the state of scans in sqlite database
- Web GUI - modern minimalistic web GUI based on FastAPI
- More evasion - more evasion with random delay option in specified range
- CAPTCHA indicator - indicate captcha by inclusion of specific markers to prevent it from wasting wordlist until solved
- Optimization - add flags for disabling css and media loading
- Survive network errors - keep going from the same place when stopped due to the network issues
- AuthFlow support - make possible to record auth flow with seleniumbase recorder extension and use it to automate authentication
Have a feature request? Open an issue.
Legal
UCFuzz is intended for authorized security testing only. Only use it against systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ucfuzz-0.1.1.tar.gz.
File metadata
- Download URL: ucfuzz-0.1.1.tar.gz
- Upload date:
- Size: 18.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
16930bf818f394344dc6e080b8916a215a80cce02662cfa75bfe45400f1a718c
|
|
| MD5 |
cf44e3c67abb9a1c7777af7523d51966
|
|
| BLAKE2b-256 |
01964ca8e8325b2465a412eaf9a04c9e3ef2d251bb196d2d11a989aa06b663be
|
File details
Details for the file ucfuzz-0.1.1-py3-none-any.whl.
File metadata
- Download URL: ucfuzz-0.1.1-py3-none-any.whl
- Upload date:
- Size: 19.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1ab9d4168c5b32e6ef30c9a2cc617eaae019782104101026da16fb456f007134
|
|
| MD5 |
213fdd98a5f7cf242b38c4dcde7e7d3d
|
|
| BLAKE2b-256 |
4b368ad0857bf89ea6512320fc9eab775c68dbf227cc7661da35bed211c65776
|