BFuzz is an input based fuzzer tool which take .html
as an input, open’s up your browser with a new instance and pass multiple testcases generated by domato which is present in recurve
folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly.
Also ReadPython-Nubia : A Command-Line & Interactive Shell Framework
warmachine@ftw:~/BFuzz$ ./generate.sh
warmachine@ftw:~/BFuzz$ python BFuzz.py
Enter the browser type:
1: Chrome
2: Firefox
>>
Running python BFuzz.py
will ask for option weather to fuzz Chrome or Firefox, however if selected 2
this will open Firefox firefox --new-instance
and randomly open any of the testcase from recurve
create the logs on the terminal wait for 3 seconds
again it will open Firefox and the same process continue so on.
BFuzz is a small .py
script which enables to open browser run testcase for 12 seconds
then close wait for 3 seconds
and again follow the same process.
The testcase’s in recurve
are generated by domato generator.py contains the main script. It uses grammar.py as a library and contains additional helper code for DOM fuzzing.
grammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.
.txt files contain grammar definitions. There are 3 main files, html.txt, css.txt and js.txt which contain HTML, CSS and JavaScript grammars, respectively. These root grammar files may include content from other files.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…