
Client-side vulnerability / reflected XSS fuzzer


PUFF

Simple client-side vulnerability fuzzer, powered by Puppeteer.

**I will eventually rewrite this project. It works well, but it's not very clean and from my amateur years.**

How does it work?

This tool uses Puppeteer to open a headless browser, substitutes each payload from the wordlist for the FUZZ marker in the target URL, loads the resulting page and checks whether the payload actually executed, i.e. whether the instrumented function (alert() or puff()) was called. A URL is only reported when that call really happened in the browser, so there are no false alarms: every reported hit is already a working proof-of-concept. Because detection is execution-based, a payload that is merely reflected but not executed (for example because the target output-encodes it) is correctly not reported.

Requirements

  • npm

INSTALL

git clone https://github.com/FlameOfIgnis/puff
cd puff
npm install

OR

If you don't have Chromium (npm will download a Chromium build for Puppeteer during install):

npm install -g puff-fuzz

**If you already have Chromium:** skip the bundled download as shown below, and don't forget to set the path afterwards via puff -c "path/to/chromium/"

Windows:

set PUPPETEER_SKIP_DOWNLOAD=true
npm install -g puff-fuzz

Linux:

export PUPPETEER_SKIP_DOWNLOAD=true
npm install -g puff-fuzz

Testing

Windows:
node puff.js -w .\wordlist-examples\xss.txt -u "http://www.xssgame.com/f/m4KKGHi2rVUN/?query=FUZZ"

Linux:
node puff.js -w ./wordlist-examples/xss.txt -u "http://www.xssgame.com/f/m4KKGHi2rVUN/?query=FUZZ"

Help String

Usage: puff [options]

Options:
  -w, --wordlist <file>    wordlist to use
  -u, --url <url>          url to fuzz
  -t, --threads <tcount>   threads to run (default: 5)
  -v, --verbose            verbosity
  -o, --output <filename>  output filename
  -d, --demo               Demo mode, hides URLs in output and clears the terminal when run (to hide the URL in the CLI)
  -s, --status             Show requests with unusual response codes
  -oA, --outputAll         Output all the responses
  -k, --ignoreSSL          Ignore ssl errors
  -c, --chromePath <path>  Set chromium path permanently
  -h, --help               display help for command

alert() is filtered by a WAF?

Don't worry: just modify your wordlist to call puff() instead of alert() in your payloads. puff treats a call to either function as a hit, so detection works exactly the same.
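The following is an added example, not puff's own code, that shows the detection principle described under "How does it work?" together with the puff()-instead-of-alert() trick above. It is written against the real Puppeteer Page API (exposeFunction, evaluateOnNewDocument, on('dialog'), goto); the names __puffHit, toyBrowser, vulnerableServer and fixedServer are invented for this example, and the toy browser plus the two constructed endpoints exist only so that it runs without a browser installed.

```javascript
// Added example, not puff's own code: instrument the sink (alert/puff)
// before any page script runs, load each fuzzed URL, report only when the
// sink really fired. Uses the Puppeteer Page API (exposeFunction,
// evaluateOnNewDocument, on('dialog'), goto); toyBrowser is a stand-in.
const FUZZ = 'FUZZ';

// One candidate URL per wordlist payload, substituted for every FUZZ marker.
function buildUrls(template, payloads) {
  if (!template.includes(FUZZ)) throw new Error('URL has no FUZZ marker');
  return payloads.map((p) => template.split(FUZZ).join(p));
}

// WAF blocks alert()? Rewrite the wordlist to call puff() instead. Both names
// are hooked by instrumentPage, so detection is unchanged.
function toPuffSink(payloads) {
  return payloads.map((p) => p.replace(/\balert\s*\(/g, 'puff('));
}

// Hook the sinks. exposeFunction makes a Node callback reachable from page JS
// as window.__puffHit; evaluateOnNewDocument installs the hook before any page
// script runs. The 'dialog' handler also catches confirm()/prompt() payloads.
async function instrumentPage(page) {
  const state = { hit: false, calls: [] };
  await page.exposeFunction('__puffHit', (sink, arg) => {
    state.hit = true;
    state.calls.push({ sink, arg: String(arg) });
  });
  await page.evaluateOnNewDocument(() => {
    window.puff = (a) => window.__puffHit('puff', a);
    window.alert = (a) => window.__puffHit('alert', a);
  });
  page.on('dialog', async (d) => { state.hit = true; await d.dismiss(); });
  return state;
}

// Load one URL and wait briefly for delayed (onload/onerror) payloads. A
// navigation error is not a finding; only a recorded sink call is.
async function fuzzUrl(page, state, url, settleMs) {
  state.hit = false;
  state.calls.length = 0;
  try {
    await page.goto(url, { waitUntil: 'load', timeout: 15000 });
  } catch (e) {
    return { url, hit: false, error: e.message };
  }
  await new Promise((r) => setTimeout(r, settleMs));
  return { url, hit: state.hit, calls: state.calls.slice() };
}

// Fuzz every payload; return only proven hits. launch is e.g.
// () => require('puppeteer').launch() for a real browser.
async function run(templateUrl, payloads, launch, settleMs = 500) {
  const browser = await launch();
  const page = await browser.newPage();
  const state = await instrumentPage(page);
  const hits = [];
  for (const url of buildUrls(templateUrl, payloads)) {
    const r = await fuzzUrl(page, state, url, settleMs);
    if (r.hit) hits.push(r);
  }
  await browser.close();
  return hits;
}

// Constructed vulnerable endpoint: reflects ?query= into the page unescaped.
function vulnerableServer(url) {
  const q = new URL(url).searchParams.get('query') || '';
  return `<html><body><p>You searched for: ${q}</p></body></html>`;
}

// Same endpoint with output encoding: the payload stays text, never code.
function fixedServer(url) {
  const q = new URL(url).searchParams.get('query') || '';
  const safe = q.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
  return `<html><body><p>You searched for: ${safe}</p></body></html>`;
}

// Toy browser (constructed): runs only <script> bodies, so unlike Chromium it
// misses event-handler payloads (onerror=...). Enough to show a hit is a PoC.
function toyBrowser(serve) {
  return async () => ({
    async newPage() {
      const exposed = {}; let init = () => {};
      return {
        async exposeFunction(name, fn) { exposed[name] = fn; },
        async evaluateOnNewDocument(fn) { init = fn; },
        on() {},
        async goto(url) {
          const win = { ...exposed }; win.window = win;
          new Function('window', `(${init})()`)(win);
          for (const m of serve(url).matchAll(/<script>([\s\S]*?)<\/script>/gi)) {
            try { new Function('window', 'alert', 'puff', m[1])(win, win.alert, win.puff); }
            catch (_) { /* broken page script, not a hit */ }
          }
        },
      };
    },
    async close() {},
  });
}
```

Against a real target you would call run('http://your.url?message=FUZZ', wordlist, () => require('puppeteer').launch()); against the constructed endpoints, run(tpl, words, toyBrowser(vulnerableServer), 0) reports both script payloads while run(tpl, words, toyBrowser(fixedServer), 0) reports nothing, which is exactly the "no false alarms" property: a reflected-but-encoded payload never counts.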

Sample runs

Running from source:

node puff.js -w xss.txt -u "http://your.url?message=FUZZ"

node puff.js -w xss.txt -u "http://your.url?message=FUZZ" -t 25

node puff.js -w xss.txt -u "http://your.url?message=FUZZ" -d

installed via npm:

puff -w xss.txt -u "http://your.url?message=FUZZ"

puff -w xss.txt -u "http://your.url?message=FUZZ" -t 25

puff -w xss.txt -u "http://your.url?message=FUZZ" -d

Running with stdin fuzzing mode:

cat urls.txt | node puff.js -w .\wordlist-examples\events.txt


cat urls.txt | puff -w .\wordlist-examples\events.txt

Where urls.txt contains:

http://example.com?query=FUZZ
https://another.com/page/#FUZZ

Running with stdin single payload mode:

cat urls.txt | node puff.js


cat urls.txt | puff

Where urls.txt contains:

http://example.com?query=<script>alert()</script>
http://example.com?query=javascript:alert()
https://another.com/page/#<script>alert()</script>
