Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target.

Advantages

  •  Heavy use of goroutines and internal hardware for great performance
  •  Built-in engine that handles each task for “x” response results inductively
  •  Highly customized to handle more complex fuzzing
  •  Filter options and request verifications to avoid junk results
  •  Friendly error and debug output
  •  Built-in payloads (the default list is mixed with the wordlist from SecLists)
  •  Payload tampering and encoding functionality

Installation

go install -v github.com/Brum3ns/firefly/cmd/firefly@latest

Usage

Simple

firefly -h
firefly -u 'http://example.com/?query=FUZZ'

Advanced usage

Request

Different types of request input that can be used

Basic

firefly -u 'http://example.com/?query=FUZZ' --timeout 7000
