Initial commit

Author: LSD00

.goreleaser.yaml

@@ -0,0 +1,46 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines below are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 1
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+      - goos: windows
+        format: zip
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"

go.mod

@@ -0,0 +1,16 @@
+module webfuzz
+
+go 1.21.10
+
+require (
+	github.com/alecthomas/kingpin/v2 v2.4.0
+	github.com/valyala/fasthttp v1.54.0
+)
+
+require (
+	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
+	github.com/andybalholm/brotli v1.1.0 // indirect
+	github.com/klauspost/compress v1.17.7 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
+)

go.sum

@@ -0,0 +1,27 @@
+github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY=
+github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE=
+github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=
+github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
+github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.54.0 h1:cCL+ZZR3z3HPLMVfEYVUMtJqVaui0+gu7Lx63unHwS0=
+github.com/valyala/fasthttp v1.54.0/go.mod h1:6dt4/8olwq9QARP/TDuPmWyWcl4byhpvTJ4AAtcz+QM=
+github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc=
+github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+	"webfuzz/pkg/workers"
+
+	"github.com/alecthomas/kingpin/v2"
+)
+
+var (
+	domain, reqfile, wordlist, invalid string
+	th                                 int
+	opt                                workers.Options
+)
+
+func main() {
+	kingpin.Flag("domain", "target domain").Required().Short('d').StringVar(&domain)
+	kingpin.Flag("request", "file with http request").Required().Short('r').StringVar(&reqfile)
+	kingpin.Flag("wordlist", "file with wordlist").Required().Short('w').StringVar(&wordlist)
+	kingpin.Flag("regex", "regex for search").Default(".+").StringVar(&opt.Regex)
+	kingpin.Flag("threads", "setting threads").Default("25").IntVar(&th)
+	kingpin.Flag("tls", "is target use tls").Default("false").BoolVar(&opt.TlsEnabled)
+	kingpin.Flag("bad-codes", "invalid codes for fuzzing ex. 404, 503, 400").Default("404").StringVar(&invalid)
+	kingpin.Parse()
+	opt.InvalidCode = strings.Split(strings.ReplaceAll(invalid, " ", ""), ",")
+	worker, err := workers.NewPool(wordlist, reqfile, th)
+	if err != nil {
+		fmt.Println(err)
+	}
+	worker.Options = opt
+	fmt.Println(`
+	 _    _      _     ______             
+	| |  | |    | |   |  ___|            
+	| |  | | ___| |__ | |_ _   _ ________
+	| |/\| |/ _ \ '_ \|  _| | | |_  /_  /
+	\  /\  /  __/ |_) | | | |_| |/ / / / 
+	 \/  \/ \___|_.__/\_|  \__,_/___/___|
+										 
+										 
+										 `)
+	worker.Fuzz(domain)
+}

pkg/formatter/formatter.go

@@ -0,0 +1,41 @@
+package formatter
+
+import (
+	"encoding/base64"
+	"encoding/hex"
+	"net/url"
+	"strings"
+)
+
+type EncoderFunc func(data string) string
+
+type Payload struct {
+	encoders map[string]EncoderFunc
+	payload  string
+}
+
+func NewPayload(payload string) *Payload {
+	encoders := map[string]EncoderFunc{
+		"none": func(data string) string {
+			return data
+		},
+		"urlencode": func(data string) string {
+			return url.QueryEscape(data)
+		},
+		"base64": func(data string) string {
+			return base64.StdEncoding.EncodeToString([]byte(data))
+		},
+		"hex": func(data string) string {
+			return hex.EncodeToString([]byte(data))
+		},
+	}
+	return &Payload{payload: payload, encoders: encoders}
+}
+
+func (p *Payload) CreatePayload(format string) string {
+	splited_mask := strings.Split(strings.ReplaceAll(format, " ", ""), ",")
+	for _, value := range splited_mask {
+		p.payload = p.encoders[value](p.payload)
+	}
+	return p.payload
+}

pkg/reqgen/reqgen.go

@@ -0,0 +1,54 @@
+package reqgen
+
+import (
+	"bufio"
+	"fmt"
+
+	"github.com/valyala/fasthttp"
+)
+
+type Worker struct {
+	domain     string
+	tlsEnabled bool
+	req        *bufio.Reader
+}
+
+type Resp struct {
+	BodyData    string
+	Len, Status int
+}
+
+func NewWorker(tlsEnabled bool, req *bufio.Reader, domain string) *Worker {
+	return &Worker{
+		tlsEnabled: tlsEnabled,
+		req:        req,
+		domain:     domain,
+	}
+}
+
+func (w *Worker) MakeRequest() (Resp, error) {
+	request := fasthttp.AcquireRequest()
+	err := request.Read(w.req)
+	if err != nil {
+		return Resp{}, err
+	}
+	if w.tlsEnabled {
+		request.SetRequestURI(fmt.Sprintf("https://%s%s", w.domain, string(request.RequestURI())))
+	} else {
+		request.SetRequestURI(fmt.Sprintf("http://%s%s", w.domain, string(request.RequestURI())))
+	}
+
+	resp := fasthttp.AcquireResponse()
+	client := &fasthttp.Client{}
+	client.Do(request, resp)
+
+	bodyBytes, err := resp.BodyUncompressed()
+	if err != nil {
+		return Resp{}, err
+	}
+	return Resp{
+		BodyData: string(bodyBytes),
+		Len:      len(string(bodyBytes)),
+		Status:   resp.StatusCode(),
+	}, nil
+}

pkg/workers/workers.go

@@ -0,0 +1,87 @@
+package workers
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"regexp"
+	"slices"
+	"sync"
+	"text/template"
+	"webfuzz/pkg/formatter"
+	"webfuzz/pkg/reqgen"
+)
+
+type Options struct {
+	TlsEnabled  bool
+	Regex       string
+	InvalidCode []string
+}
+
+type Pool struct {
+	concurrents int
+	wordlists   []string
+	req         *template.Template
+	Options     Options
+}
+
+func NewPool(wordlist, reqfile string, concurrents int) (*Pool, error) {
+	var pool Pool
+	pool.concurrents = concurrents
+	file, err := os.Open(wordlist)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+	reader := bufio.NewScanner(file)
+	for reader.Scan() {
+		pool.wordlists = append(pool.wordlists, reader.Text())
+	}
+	pool.req, err = template.ParseFiles(reqfile)
+	if err != nil {
+		return nil, err
+	}
+	return &pool, nil
+}
+
+func (p *Pool) Fuzz(domain string) {
+	var wg sync.WaitGroup
+	chunks := len(p.wordlists) / p.concurrents
+	for i := 0; i < p.concurrents; i++ {
+		var chunked_wordlist []string
+		if i != p.concurrents-1 {
+			chunked_wordlist = p.wordlists[i*chunks : (i+1)*chunks]
+		} else {
+			chunked_wordlist = p.wordlists[i*chunks:]
+		}
+		wg.Add(1)
+		go func(wg *sync.WaitGroup, wordlist []string) {
+			defer wg.Done()
+			re := regexp.MustCompile(p.Options.Regex)
+			for _, value := range wordlist {
+				var buf bytes.Buffer
+				payload := formatter.NewPayload(value)
+				p.req.Execute(&buf, payload)
+				worker := reqgen.NewWorker(p.Options.TlsEnabled, bufio.NewReader(&buf), domain)
+				resp, err := worker.MakeRequest()
+				io.WriteString(os.Stdout, buf.String())
+				if err != nil {
+					return
+				} else if !slices.Contains(p.Options.InvalidCode, fmt.Sprint(resp.Status)) && re.MatchString(resp.BodyData) {
+					var formatted_code string
+					if resp.Status >= 200 && resp.Status < 300 {
+						formatted_code = fmt.Sprintf("\033[92m%d\033[0m", resp.Status)
+					} else if resp.Status >= 300 && resp.Status < 400 {
+						formatted_code = fmt.Sprintf("\033[96m%d\033[0m", resp.Status)
+					} else if resp.Status >= 400 {
+						formatted_code = fmt.Sprintf("\033[91m%d\033[0m", resp.Status)
+					}
+					io.WriteString(os.Stdout, fmt.Sprintf("%s -> %s (%d)\r\n", value, formatted_code, resp.Len))
+				}
+			}
+		}(&wg, chunked_wordlist)
+	}
+	wg.Wait()
+}