Firefly : Revolutionizing Security Testing With Advanced Black-Box Fuzzing

Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target.

Advantages

Hevy use of gorutines and internal hardware for great preformance
Built-in engine that handles each task for “x” response results inductively
Highly cusomized to handle more complex fuzzing
Filter options and request verifications to avoid junk results
Friendly error and debug output
Build in payloads (default list are mixed with the wordlist from seclists)
Payload tampering and encoding functionality

Installation

go install -v github.com/Brum3ns/firefly/cmd/firefly@latest

Usage

Simple

firefly -h

firefly -u 'http://example.com/?query=FUZZ'

Advanced usage

Request

Different types of request input that can be used

Basic

firefly -u 'http://example.com/?query=FUZZ' --timeout 7000

For more information click here.

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.