In VAF there will also be a vaf_linux_amd64 binary for linux users already compiled by me, but that’s not going to be always updated
Linux: Install
nim using: curl https://nim-lang.org/choosenim/init.sh -sSf | sh and adding nim to path
Windows: Download
nim from https://nim-lang.org/install_windows.html and run finish.exe (you might need to reopen a cmd window for nim to load)
nimble build
A vaf binary file will be created in your directory ready to be used
Using VAF
Using vaf is simple, here’s the current help text:
Usage:
vaf – very advanced fuzzer [options]
Options:
-h, –help
-u, –url=URL choose url, replace area to fuzz with []
-w, –wordlist=WORDLIST choose the wordlist to use
-sc, –status=STATUS set on which status to print, set this param to ‘any’ to print on any status (default: 200)
-pr, –prefix=PREFIX prefix, e.g. set this to / for content discovery if your url doesnt have a / at the end (default: )
-sf, –suffix=SUFFIX suffix, e.g. use this for extensions if you are doing content discovery (default: )
-pd, –postdata=POSTDATA only used if ‘-m post’ is set (default: {})
-m, –method=METHOD suffix, e.g. use this for extensions if you are doing content discovery (default: get)
-pif, –printifreflexive print only if the output reflected in the page, useful for finding xss
-ue, –urlencode url encode the payloads
-pu, –printurl prints the url that has been requested
Screenshots
Examples
vaf.exe -w example_wordlists\short.txt -u https://jsonplaceholder.typicode.com/posts -m post -sc 201 -pd “{\”title\”: \”[]\”}”
vaf.exe -w example_wordlists\short.txt -u https://example.org/[] -sf .html
Tips
, in the suffixes or prefixes argument to try the word without any suffix/prefix like this: -pf .php, or -sf .php,-pif with a bunch of xss payloads as the wordlist to find XSSTensorFlow is a free, open-source machine learning platform developed by Google. It is used by major…
Minecraft is one of the most popular games ever made — a sandbox game where players…
CouchDB is a free, open-source NoSQL database maintained by the Apache Software Foundation. Unlike traditional relational…
Docker Compose is a tool that lets you define and run multi-container Docker applications using a…
Composer is a dependency manager for PHP. It works similarly to npm for Node.js or pip…
Squid is a full-featured caching proxy server that supports HTTP, HTTPS, and FTP. It is most…