vaf is a cross-platform web fuzzer with a lot of features. Some of its features include:
- Grepping
- Outputing results to a file
- Status code filtering
- Detect reflexivness (useful for finding xss)
- Add prefixes, suffixes
- Custom wordlists
- Fuzz any part of the url
- Fuzz POST data
- URL encode payload
- your own feature!
- And more...
There are the ways to install vaf
- By downloading the pre-compiled binaries in the releases page and adding them manually to your path
- By running the
install.sh
bash script which will download nim, build vaf from source and then link the binary to /usr/bin (make sure tochmod +x install.sh
)
using vaf is very simple to use, here's the current help menu:
Usage:
vaf [options]
Options:
-h, --help
-u, --url=URL choose url, replace area to fuzz with []
-w, --wordlist=WORDLIST choose the wordlist to use
-sc, --status=STATUS set on which status to print, set this param to 'any' to print on any status (default: 200)
-pr, --prefix=PREFIX prefix, e.g. set this to / for content discovery if your url doesnt have a / at the end (default: )
-sf, --suffix=SUFFIX suffix, e.g. use this for extensions if you are doing content discovery (default: )
-pd, --postdata=POSTDATA only used if '-m post' is set (default: {})
-m, --method=METHOD the method to use PSOT/GET (default: GET)
-g, --grep=GREP greps for a string in the response (default: )
-o, --output=OUTPUT Output the results in a file (default: )
-pif, --printifreflexive print only if the output reflected in the page, useful for finding xss
-ue, --urlencode url encode the payloads
-pu, --printurl prints the url that has been requested
Fuzz post data:
vaf.exe -w example_wordlists\short.txt -u https://jsonplaceholder.typicode.com/posts -m post -sc 201 -pd "{\"title\": \"[]\"}"
Fuzz GET URLs
vaf.exe -w example_wordlists\short.txt -u https://example.org/[] -sf .html
- Add a trailing
,
in the suffixes or prefixes argument to try the word without any suffix/prefix like this:-pf .php,
or-sf .php,
- Use
-pif
with a bunch of xss payloads as the wordlist to find XSS - Make an issue if you want to suggest a feature
Thanks to everyone who contributed to this project!