A fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display them in real-time.
Run an HTTP GET request for each entry in
filenames.txt, hide all responses with the status code
Common usage of monsoon is also covered in our blog article "Introducing monsoon - a lean and versatile HTTP enumerator".
Building from source
These instructions will get you a compiled version of the code in the master branch.
You'll need a recent version of the Go compiler, at least version 1.14. For Debian, install the package
Clone the repository, then from within the checkout run the following command:
$ go build
Afterwards you'll find a
monsoon binary in the current directory. It can be for other operating systems as follows:
$ GOOS=windows GOARCH=amd64 go build -o monsoon.exe
yay -S monsoon
The program has several subcommands, the most important one is
fuzz which contains the main functionality. You can display a list of commands as follows:
$ ./monsoon -h Usage: monsoon command [options] Available Commands: fuzz Execute and filter HTTP requests help Help about any command show Construct and display an HTTP request test Send an HTTP request to a server and show the result version Display version information Options: -h, --help help for monsoon Use "monsoon [command] --help" for more information about a command.
For each command, calling it with
monsoon fuzz --help) will display a description of all the options, and calling
monsoon help fuzz also shows an extensive list of examples.
The SecLists Project collects wordlists that can be used with