Code Monkey home page Code Monkey logo

puff's Introduction

npm package size npm puppeteer package Average time to resolve an issue Percentage of issues still open Release - Downloads npm

PUFF

Simple clientside vulnerability fuzzer, powered by puppeteer.

Requirements

  • npm

INSTALL

git clone https://github.com/FlameOfIgnis/puff
cd puff
npm install

OR

If you dont have chromium:

npm install -g puff-fuzz

**If you have chromium: (Don't forget to set path via puff -c "path/to/chromium/"

windows:

set PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
npm install -g puff-fuzz

linux:

export PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
npm install -g puff-fuzz

Help String

Usage: puff [options]

Options:
  -w, --wordlist <file>    wordlist to use
  -u, --url <url>          url to fuzz
  -t, --threads <tcount>   threads to run (default: 5)
  -v, --verbose            verbosity
  -o, --output <filename>  output filename
  -d, --demo               Demo mode, hides url's in output, and clears terminal when run (to hide url in cli)
  -s, --status             Show requests with unusual response codes
  -oA, --outputAll         Output all the responses
  -k, --ignoreSSL          Ignore ssl errors
  -c, --chromePath <path>  Set chromium path permenantly
  -h, --help               display help for command

Alert is filtered by WAF?

Don't worry, just modify your wordlist to use puff() instead of alert() in your payload.

Sample runs

Running from source:

node puff.js -w xss.txt -u "http://your.url?message=FUZZ"

node puff.js -w xss.txt -u "http://your.url?message=FUZZ" -t 25

node puff.js -w xss.txt -u "http://your.url?message=FUZZ" -d

installed via npm:

puff -w xss.txt -u "http://your.url?message=FUZZ"

puff -w xss.txt -u "http://your.url?message=FUZZ" -t 25

puff -w xss.txt -u "http://your.url?message=FUZZ" -d

Helped you land a bounty? Buy me a coffee!

bc1qdmu283ez2u5nch7mqla0e0uav7gdus4g44unmv

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.