urlfuzz

v0.0.0

Published

HTTP/S fuzzer

Downloads

3

Readme

URLFUZZ

:bomb: Yep, this is another web fuzzer, but it uses the async/non-blocking I/O functions provided by Node.js, which lets you perform VERY FAST web requests.

FEATURES

Fuzzable items

  • URL
  • POST data
  • HTTP headers

Filters

You may filter the responses by:

  • Error codes
  • Nº Words
  • Nº Lines
  • Text

Payloads

  • Wordlist
  • Bruteforce
  • Range

INSTALL

:coffee: Simply install the latest Node.js version and then:

npm i -g urlfuzz

Kali GNU/Linux

curl -sL https://raw.githubusercontent.com/danigargu/urlfuzz/master/artifacts/install/kali.sh | sudo bash -

FROM THE REPO

git clone https://github.com/danigargu/urlfuzz
cd urlfuzz
npm i
node bin

USAGE

:rocket: To get a list of all options and switches use:

Usage: urlfuzz <URL> [OPTIONS]

  -H, --headers=ARG+     set headers
  -h, --head             use HEAD instead of GET
  -d, --data=ARG         POST data (format: foo1=bar1&foo2=bar2)
  -w, --wordlist=ARG     use a wordlist
  -l, --lists            show available wordlists
  -b, --bruteforce=ARG   perform bruteforce (format -> min:max:charset)
  -r, --range=ARG        fuzz with range (format -> start:end[:step])
  -o, --download=ARG     download results that matches (output dir)
  -x, --results=ARG      exports results to file (format: csv)
  -p, --proxy=ARG        use proxy (http://host:port)
  -s, --socks=ARG        use socks (host:port)
      --hc=ARG           filter by error codes (comma separated)
      --hw=ARG           filter by words (comma separated)
      --hl=ARG           filter by lines (comma separated)
      --ht=ARG           hide responses that matches str
      --st=ARG           show responses that matches str
      --max-sockets=ARG  max sockets (default: 150)
      --timeout=ARG      timeout (default: X ms)
      --debug            debug mode
  -h, --help             display this help

Fuzzezable items: [url, headers, post_data]
Fuzz tag: #FUZZ#

EXAMPLES

Fuzz using a wordlist:

$ urlfuzz http://localhost/#FUZZ# -w big.txt

Fuzz POST data using wordlist and filter by text:

$ urlfuzz http://localhost/login.php -d "user=admin&pass=#FUZZ#" -w big.txt --ht denied

Fuzz 'User-agent' header and filter by lines:

$ urlfuzz http://localhost/exploit_kit.php -H "User-agent: #FUZZ#" -w user_agents.txt --hl 4

Download matching files with error code 200:

$ urlfuzz http://localhost/file-#FUZZ#.exe -b 1:3:0123456789 --hc 200 -o samples/

Fuzz a user-id with range option:

$ urlfuzz "http://localhost/user.php?id=#FUZZ#" -r 1:1000 --hc 200 --st Admin

Export results to a CSV file:

$ urlfuzz http://localhost/#FUZZ# -w big.txt -x log
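
As an added example (not part of urlfuzz or its README), the following sketch parses the `-r` and `-b` payload specs used above and computes how many requests a run would generate, which helps size a test against `--max-sockets` and the capacity of the host under test. The inclusive range end, the default step of 1 and the enumeration of every length from min to max are assumptions, and all function names are hypothetical.

```javascript
// Added example, not urlfuzz's code. Assumed semantics: range end is inclusive,
// step defaults to 1, bruteforce covers every string of length min..max.
const FUZZ_TAG = '#FUZZ#';
const isUInt = (s) => /^\d+$/.test(s);

// Parse the -r format "start:end[:step]".
function parseRange(spec) {
  const parts = spec.split(':');
  if (parts.length < 2 || parts.length > 3 || !parts.every(isUInt)) {
    throw new Error(`bad range spec: ${spec}`);
  }
  const [start, end, step = 1] = parts.map(Number);
  if (step < 1 || start > end) throw new Error(`bad range spec: ${spec}`);
  return { start, end, step };
}

// Parse the -b format "min:max:charset"; the charset may itself contain ':'.
function parseBruteforce(spec) {
  const [min, max, ...rest] = spec.split(':');
  const charset = [...new Set(rest.join(':'))]; // drop duplicate characters
  if (!isUInt(min) || !isUInt(max) || +min < 1 || +min > +max || !charset.length) {
    throw new Error(`bad bruteforce spec: ${spec}`);
  }
  return { min: +min, max: +max, charset };
}

// Number of requests a spec produces, computed without generating them.
function countPayloads(kind, spec) {
  if (kind === 'range') {
    const { start, end, step } = parseRange(spec);
    return Math.floor((end - start) / step) + 1;
  }
  const { min, max, charset } = parseBruteforce(spec);
  let total = 0;
  for (let len = min; len <= max; len += 1) total += charset.length ** len;
  return total;
}

// Lazily yield range payloads as strings.
function* rangePayloads(spec) {
  const { start, end, step } = parseRange(spec);
  for (let i = start; i <= end; i += step) yield String(i);
}

// Replace every tag occurrence in the fuzzable items (url, headers, post_data).
function expand(template, payload) {
  const sub = (s) => s.split(FUZZ_TAG).join(payload);
  return { url: sub(template.url), headers: (template.headers || []).map(sub),
    data: template.data == null ? null : sub(template.data) };
}
```

With these assumptions, `countPayloads('bruteforce', '1:3:0123456789')` gives 1110 requests and `countPayloads('range', '1:1000')` gives 1000.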

THANKS

:skull: Thanks to mandingo & cgvwzq for the ideas during the development of the tool.

AUTHORS

:penguin:

DEVELOPER GUIDE

:sunglasses: If you'd like to help, please follow these steps:

  • Get a copy of the code and install the dependencies:

    git clone https://github.com/danigargu/urlfuzz
    cd urlfuzz
    npm i

  • Make your changes.
  • Be sure the tests keep passing:

    npm tst

  • Finally, make a GitHub pull request. Commit message rules:
    • It should consist of a one-line subject, followed by one line of white space, followed by one or more descriptive paragraphs, each separated by one line of white space. All of them should end with a period.
    • If it fixes an issue, it should include a reference to the issue ID in the first line of the commit.
    • It should provide enough information for a reviewer to understand the changes and their relation to the rest of the code.

Debug

We use the visionmedia debug module, so debug output is enabled through this environment variable:

DEBUG=urlfuzz* urlfuzz ...

Conventions

  • We use ESLint and the Airbnb style guide.
  • Please run the following to be sure your code fits with it and the tests keep passing:

    npm run pretest