Security-oriented HTTP fuzzer engine
⚠️ Warning: Nozaki is currently in development, you’ve been warned :) and please consider contributing!
“Fuzzing is one of the most powerful and proven strategies for identifying security issues in real-world software” and for this reason, Nozaki tries to bridge the gap for a complete solution focused on web applications.
The idea is for this solution to be complete enough to cover the entire fuzzing process for a web application (be it a monolith, a REST API, or even a GraphQL API): fully parameterized, able to be piped with other tools, and with amazing filters.
Download & Install
$ git clone https://github.com/GouveaHeitor/nozaki && cd nozaki
$ cpan install Getopt::Long LWP::UserAgent HTTP::Request
How to use
$ perl nozaki.pl

Nozaki v0.0.7
Core Commands
==============
    Command       Description
    -------       -----------
    --url         Define a target
    --wordlist    Define wordlist of paths
    --method      Define methods HTTP to use during fuzzing, separeted by ","
    --delay       Define a seconds of delay between requests
    --agent       Define a custom User Agent
    --return      Set a filter based on HTTP Code Response

# Example
$ perl nozaki.pl -m GET -u http://lab.nozaki.io:8002/\?read\= -w wordlists/payloads/ssrf.txt | grep "574"
[-] ->  | http://lab.nozaki.io:8002/?read=http://2852039166/ [GET] - OK | Length: 574
[-] ->  | http://lab.nozaki.io:8002/?read=http://0xA9FEA9FE/ [GET] - OK | Length: 574
[-] ->  | http://lab.nozaki.io:8002/?read=http://0251.0376.0251.0376/ [GET] - OK | Length: 574
...
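The three hits in the example output are one address: 2852039166, 0xA9FEA9FE and 0251.0376.0251.0376 are the decimal, hexadecimal and dotted-octal spellings of 169.254.169.254. The following Python is an added example, not part of Nozaki; it shows how a server-side URL filter can canonicalize such hosts before checking a deny list (the `BLOCKED` ranges and the function names are assumptions made for the example).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed policy for this example: ranges an outbound fetcher must not reach.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

_HEX = re.compile(r"0x[0-9a-f]+")
_OCT = re.compile(r"0[0-7]+")
_DEC = re.compile(r"0|[1-9][0-9]*")

def _component(text):
    """Parse one inet_aton-style number: 0x.. is hex, a leading 0 is octal."""
    text = text.lower()
    for pattern, base in ((_HEX, 16), (_OCT, 8), (_DEC, 10)):
        if pattern.fullmatch(text):
            return int(text, base)
    raise ValueError(text)

def canonical_ipv4(host):
    """Return the IPv4Address that inet_aton-style parsing yields, or None for a name."""
    parts = host.split(".")
    if len(parts) > 4:
        return None
    try:
        *head, last = [_component(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_blocked(url):
    """True when the URL's host is a literal IPv4 address inside a blocked range."""
    addr = canonical_ipv4(urlsplit(url).hostname or "")
    return addr is not None and any(addr in net for net in BLOCKED)

if __name__ == "__main__":
    # Hosts taken from the example output above.
    for host in ("2852039166", "0xA9FEA9FE", "0251.0376.0251.0376"):
        url = "http://%s/" % host
        print(url, canonical_ipv4(host), "blocked" if is_blocked(url) else "allowed")
```

This covers literal addresses only; a hostname that resolves to a blocked range still has to be checked against the resolved address at connection time.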
- Your contributions and suggestions are heartily ♥ welcome. See the contribution guidelines. Please report bugs via the issues page. See the security policy. (✿ ◕‿◕) This project follows the best practices defined by this style guide.
- This work is licensed under the MIT License.