In VAF there will also be a vaf_linux_amd64 binary for linux users already compiled by me, but that’s not going to be always updated
Linux: Install
nim using: curl https://nim-lang.org/choosenim/init.sh -sSf | sh
and adding nim to path
Windows: Download
nim from https://nim-lang.org/install_windows.html and run finish.exe
(you might need to reopen a cmd window for nim to load)
nimble build
A vaf binary file will be created in your directory ready to be used
Using VAF
Using vaf is simple, here’s the current help text:
Usage:
vaf – very advanced fuzzer [options]
Options:
-h, –help
-u, –url=URL choose url, replace area to fuzz with []
-w, –wordlist=WORDLIST choose the wordlist to use
-sc, –status=STATUS set on which status to print, set this param to ‘any’ to print on any status (default: 200)
-pr, –prefix=PREFIX prefix, e.g. set this to / for content discovery if your url doesnt have a / at the end (default: )
-sf, –suffix=SUFFIX suffix, e.g. use this for extensions if you are doing content discovery (default: )
-pd, –postdata=POSTDATA only used if ‘-m post’ is set (default: {})
-m, –method=METHOD suffix, e.g. use this for extensions if you are doing content discovery (default: get)
-pif, –printifreflexive print only if the output reflected in the page, useful for finding xss
-ue, –urlencode url encode the payloads
-pu, –printurl prints the url that has been requested
Screenshots
Examples
vaf.exe -w example_wordlists\short.txt -u https://jsonplaceholder.typicode.com/posts -m post -sc 201 -pd “{\”title\”: \”[]\”}”
vaf.exe -w example_wordlists\short.txt -u https://example.org/[] -sf .html
Tips
,
in the suffixes or prefixes argument to try the word without any suffix/prefix like this: -pf .php,
or -sf .php,
-pif
with a bunch of xss payloads as the wordlist to find XSSBurrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…