d4rckh/vaf d4rckh/vaf

  • Stars
    star
    308
  • Rank 131,146 (Top 3 %)
  • Language
    Nim
  • License
    GNU General Publi...
  • Created about 3 years ago
  • Updated almost 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
d4rckh/vaf
github

d4rckh

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

vaf

A fast, simple, and feature rich web fuzzer written in nim





vaf is a cross-platform web fuzzer with a lot of features. Some of its features include:

Installing

You can install vaf using this one-liner:

curl https://raw.githubusercontent.com/d4rckh/vaf/main/install.sh | sudo bash

Options

Options:
  -h, --help
  -u, --url=URL              Target URL. Replace fuzz area with FUZZ
  -w, --wordlist=WORDLIST    The path to the wordlist.
  -m, --method=METHOD        Request method. Supported: POST, GET (default: GET)
  -H, --header=HEADER        Specify HTTP headers; can be used multiple times. Example: -H 'header1: val1' -H 'header1: val1'
  -pf, --prefix=PREFIX       The prefixes to append to the word (default: )
  -sf, --suffix=SUFFIX       The suffixes to append to the word (default: )
  -t, --threads=THREADS      Number of threads (default: 5)
  -sc, --status=STATUS       The status to filter; to 'any' to print on any status (default: 200)
  -g, --grep=GREP            Only log if the response body contains the string (default: )
  -ng, --notgrep=NOTGREP     Only log if the response body does no contain a string (default: )
  -pd, --postdata=POSTDATA   Specify POST data; used only if '-m post' is set (default: {})
  -x, --proxy=PROXY          Specify a proxy (default: )
  -ca, --cafile=CAFILE       Specify a CA root certificate; useful if you are using Burp/ZAP proxy (default: )
  -o, --output=OUTPUT        Output the results in a file (default: )
  -mr, --maxredirects=MAXREDIRECTS
                             How many redirects should vaf follow; 0 means none (default: 0)
  -v, --version              Print version information
  -pif, --printifreflexive   Print only if the fuzzed word is reflected in the page
  -i, --ignoressl            Do not verify SSL certificates; useful if you are using Burp/ZAP proxy
  -ue, --urlencode           URL encode the fuzzed words
  -pu, --printurl            Print the requested URL
  -ph, --printheaders        Print response headers
  -dbg, --debug              Prints debug information

Examples

Fuzz URL path, show only responses which returned 200 OK

vaf -u https://example.org/FUZZ -w path/to/wordlist.txt -sc OK

Fuzz 'User-Agent' header, show only responses which returned 200 OK

vaf -u https://example.org/ -w path/to/wordlist.txt -sc OK -H "User-Agent: FUZZ"

Fuzz POST data, show only responses which returned 200 OK

vaf -u https://example.org/ -w path/to/wordlist.txt -sc OK -m POST -H "Content-Type: application/json" -pd '{"username": "FUZZ"}'

Contributors

Thanks to everyone who contributed to this project!

More Repositories

1

gorilla

tool for generating wordlists or extending an existing one using mutations.
Rust
373
star
2

grc2

grim reaper c2
Nim
334
star
3

infosec-resources

Python
47
star
4

im-a-sandbox

make your machine look like a sandbox/vm ๐Ÿค–
PowerShell
29
star
5

WindowsPotatoes

A list of windows potatoes!
20
star
6

http-redirector

lightweight http redirector written in nim
Nim
12
star
7

kab

kab the lab manager
HTML
11
star
8

old-hackable-software

9
star
9

wapisteal

Steal credentials on Windows by hooking several Windows API functions!
JavaScript
8
star
10

shrack

๐Ÿš€ Fast hash dictionary attack
Python
7
star
11

nim-tlv

tlv building and parsing in nim
Nim
6
star
12

rustfuzz

basic web fuzzer
Rust
5
star
13

windows-customization-scripts

A collection of scripts to customize Windows by manipulating the registry
JavaScript
5
star
14

shlol

do common hacking tasks with a simple menu
Python
4
star
15

epicgamesfree

Epic Games Free Game Promotion Parser
Python
4
star
16

netsploit

Python
4
star
17

webility

web vulnerability scanner written in nim โšกโšก
3
star
18

wapienum

Enumeration Tool which uses the windows api
C++
3
star
19

ngn

ngn the network scanner
Python
3
star
20

blog

idk website
HTML
3
star
21

iptk

ip toolkit
Rust
3
star
22

casto

Nodejs cast project for Linux, Mac, and Windows that uses a web interface to control, or send, things to a plain electron application, in live time
HTML
3
star
23

monito

Setup triggers for anything, gather the logs in one place and view them in a very beautiful page!
JavaScript
2
star
24

status-page

JavaScript
2
star
25

netivid

Powerful script for network recon
Python
2
star
26

shboom

sparkles Oh, life could be a dream sparkles
Python
2
star
27

Gamio

Gamio: the game library manager and launcher!
HTML
2
star
28

adfaker

fake active directory object generator
1
star
29

d4rckh

1
star
30

bhs

Python
1
star
31

processmanager

C++
1
star
32

kolog

Advanced logging util for nodejs
JavaScript
1
star
33

boomark

A selfhosted bookmark
JavaScript
1
star
34

slc

C
1
star
35

cstimer-analyzer

This is a collection of scripts I made to analyze cstimer.net exports
Python
1
star
36

h3kt1c0.github.io

My website
CSS
1
star
37

nimws-test

Nim
1
star
38

bookmarks

python3 bookmarks in the terminal
Python
1
star
39

cahey

In-memory db for caching
JavaScript
1
star
40

ytdler

JavaScript
1
star
41

shk2

Python
1
star