BFuzz is an input based fuzzer tool which take .html
as an input, open’s up your browser with a new instance and pass multiple testcases generated by domato which is present in recurve
folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly.
Also ReadPython-Nubia : A Command-Line & Interactive Shell Framework
warmachine@ftw:~/BFuzz$ ./generate.sh
warmachine@ftw:~/BFuzz$ python BFuzz.py
Enter the browser type:
1: Chrome
2: Firefox
>>
Running python BFuzz.py
will ask for option weather to fuzz Chrome or Firefox, however if selected 2
this will open Firefox firefox --new-instance
and randomly open any of the testcase from recurve
create the logs on the terminal wait for 3 seconds
again it will open Firefox and the same process continue so on.
BFuzz is a small .py
script which enables to open browser run testcase for 12 seconds
then close wait for 3 seconds
and again follow the same process.
The testcase’s in recurve
are generated by domato generator.py contains the main script. It uses grammar.py as a library and contains additional helper code for DOM fuzzing.
grammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.
.txt files contain grammar definitions. There are 3 main files, html.txt, css.txt and js.txt which contain HTML, CSS and JavaScript grammars, respectively. These root grammar files may include content from other files.
Introduction Unlock the full potential of your Linux system with this comprehensive guide to essential…
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…