Awesome Open Source
Awesome Open Source

vaf

A fast, simple, and feature rich web fuzzer written in nim





vaf is a cross-platform web fuzzer with a lot of features. Some of its features include:

Installing

You can install vaf using this one-liner:

curl https://raw.githubusercontent.com/d4rckh/vaf/main/install.sh | sudo bash

Options

Options:
  -h, --help
  -u, --url=URL              Target URL. Replace fuzz area with FUZZ
  -w, --wordlist=WORDLIST    The path to the wordlist.
  -m, --method=METHOD        Request method. Supported: POST, GET (default: GET)
  -H, --header=HEADER        Specify HTTP headers; can be used multiple times. Example: -H 'header1: val1' -H 'header1: val1'
  -pf, --prefix=PREFIX       The prefixes to append to the word (default: )
  -sf, --suffix=SUFFIX       The suffixes to append to the word (default: )
  -t, --threads=THREADS      Number of threads (default: 5)
  -sc, --status=STATUS       The status to filter; to 'any' to print on any status (default: 200)
  -g, --grep=GREP            Only log if the response body contains the string (default: )
  -ng, --notgrep=NOTGREP     Only log if the response body does no contain a string (default: )
  -pd, --postdata=POSTDATA   Specify POST data; used only if '-m post' is set (default: {})
  -x, --proxy=PROXY          Specify a proxy (default: )
  -ca, --cafile=CAFILE       Specify a CA root certificate; useful if you are using Burp/ZAP proxy (default: )
  -o, --output=OUTPUT        Output the results in a file (default: )
  -mr, --maxredirects=MAXREDIRECTS
                             How many redirects should vaf follow; 0 means none (default: 0)
  -v, --version              Print version information
  -pif, --printifreflexive   Print only if the fuzzed word is reflected in the page
  -i, --ignoressl            Do not verify SSL certificates; useful if you are using Burp/ZAP proxy
  -ue, --urlencode           URL encode the fuzzed words
  -pu, --printurl            Print the requested URL
  -ph, --printheaders        Print response headers
  -dbg, --debug              Prints debug information

Examples

Fuzz URL path, show only responses which returned 200 OK

vaf -u https://example.org/FUZZ -w path/to/wordlist.txt -sc OK

Fuzz 'User-Agent' header, show only responses which returned 200 OK

vaf -u https://example.org/ -w path/to/wordlist.txt -sc OK -H "User-Agent: FUZZ"

Fuzz POST data, show only responses which returned 200 OK

vaf -u https://example.org/ -w path/to/wordlist.txt -sc OK -m POST -H "Content-Type: application/json" -pd '{"username": "FUZZ"}'

Contributors

Thanks to everyone who contributed to this project!

Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Web (37,375
Penetration Testing (3,120
Nim (2,884
Security Tools (1,891
Xss (1,733
Brute Force (1,396
Fuzzing (1,388
Hacking Tool (991
Fuzzer (899
Recon (889
Pentest Tool (438
Burpsuite (358
Vaf (3