Fastest recursive HTTP fuzzer, like a Ferrari.

Overview

Medusa

Fastest recursive HTTP fuzzer, like a Ferrari.

Travis GitHub version Go Report Card GoDoc codecov

demo

Usage

Usage: medusa [options...]
Options:
-u                    Single URL  
-uL                   URL list file path (line by line)
-e                    Extension 
-s                    Force schema (uses default http if does not contains url)
-ua                   User-agent value (default %s)
-cP                   Postive status codes (seperate by comma)
-cN                   Negative status codes (seperate by comma)
-x                    Bypass SSL verification
-t                    HTTP response timeout (10s)
-r                    Enable recursive fuzzing
-w                    Directory wordlist (line by line)
-v                    Verbose mode, show logs
-conc                 Maximum concurrent requests
-cpus                 Number of used cpu cores.

Known issues

socket: too many open file

The solution to this is to increase ulimit, you can solve this problem by typing ulimit -n 8129 before running Medusa.

Issues
  • Error and request

    Error and request

    It's really fast However there are some issues when scanning different ports or recursively scanning.It would be fine if it works as / FUZZ like other large fuzers.hope you continue to improve.

    opened by ghost 1
Owner
Rıza Sabuncu
net/http
Rıza Sabuncu
Ffuf - A fast web fuzzer written in Golang

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \

null 0 Jan 2, 2022
The fastest dork scanner written in Go.

go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho

dw1 651 Aug 8, 2022
The fastest dork scanner written in Go.

go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho

Mansz 0 Jan 28, 2022
Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.

This is very similar to GenericPotato - I referenced it heavily while researching. Gotato starts a named pipe or web server and waits for input. Once

meet 101 Jul 31, 2022
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C

Casbin 12.5k Aug 11, 2022
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Lightweight static analysis for many languages. Find bugs and enforce code standards. Semgrep is a fast, open-source, static analysis tool that finds

r2c 6.9k Aug 10, 2022
Git-like capabilities for your object storage

What is lakeFS lakeFS is an open source layer that delivers resilience and manageability to object-storage based data lakes. With lakeFS you can build

Treeverse 2.7k Aug 5, 2022
A fully self-contained Nmap like parallel port scanning module in pure Golang that supports SYN-ACK (Silent Scans)

gomap What is gomap? Gomap is a fully self-contained nmap like module for Golang. Unlike other projects which provide nmap C bindings or rely on other

jtimperio 70 Aug 1, 2022
PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. You can use PHP like functions in your app, module etc. when you add this module to your project.

PHP Functions for Golang - phpfuncs PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. Y

Serkan Algur 51 Aug 5, 2022
Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user.

Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. Drift

Truffle Security 302 Aug 8, 2022
HTTP middleware for Go that facilitates some quick security wins.

Secure Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many fram

Cory Jacobsen 2k Aug 5, 2022
HTTP/HTTPS MITM proxy and recorder.

Hyperfox Hyperfox is a security auditing tool that proxies and records HTTP and HTTPS traffic between two points. Installation You can install the lat

null 1.5k Aug 7, 2022
Implementation of io/fs.FS that appends SHA256 hashes to filenames to allow for aggressive HTTP caching.

hashfs Implementation of io/fs.FS that appends SHA256 hashes to filenames to allow for aggressive HTTP caching.

Ben Johnson 215 Jul 29, 2022
PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS

CVE-2015-1635 PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS ./MS15-034 <URL> <RESOURCE> <FLAG [0 or 18]> Note

Nikola Kipariz Stamov 0 Nov 3, 2021
ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

Re 42 Jul 22, 2022
CS http Dynamic Encrypt Bridge.

CS http Dynamic Encrypt Bridge.

TimWhite 30 May 30, 2022
Basic honeypot to capture log4shell payloads within HTTP headers.

log4shell-honeypot Catch and download log4shell payloads sent within HTTP headers. Modified version of Adikso's minecraft honeypot Setup git clone $re

Chris Bayliss 13 Apr 7, 2022
A Flask-based HTTP(S) command and control (C2) framework with a web frontend. Malleable agents written in Go and scripts written in bash.

▄▄▄▄ ██▓ █████▒██▀███ ▒█████ ██████ ▄▄▄█████▓ ▓█████▄ ▓██▒▓██ ▒▓██ ▒ ██▒▒██▒ ██▒▒██ ▒ ▓ ██▒ ▓▒ ▒██▒ ▄██▒██▒▒████ ░▓██ ░▄█ ▒▒██░ ██▒░

Ashley Nikirk 22 Aug 6, 2022
fuzzer for a single http parameter which checks if the response does/does not contain a certain given string

single http parameter fuzzer DISCLAIMER: ONLY USE THIS PROGRAM ON TARGETS YOU HAVE PERMISSION TO FUZZ! Initially used as a "poor man's" http fuzzer fo

null 0 Dec 19, 2021
Fast web fuzzer written in Go

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ \ \ \_/ \ \ \_/\ \ \_\ \ \ \

null 7.5k Aug 13, 2022
An unsupervised coverage-guided kernel fuzzer

syzkaller - kernel fuzzer syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuch

Tinker Board 2 - Android 0 Oct 27, 2021
Easy-to-use web fuzzer, written in Go.

Brutal A lightweight, simple to use web fuzzer. Usage Brutal is pretty easy to use. Command Description --debug print more details about the runtime -

Andrew 4 Jul 8, 2022
Ffuf - A fast web fuzzer written in Golang

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \

null 0 Jan 2, 2022
Gerasimos (Makis) Maropoulos 22.7k Aug 7, 2022
go-up! A simple configuration library with recursive placeholders resolution and no magic.

go-up! A simple configuration library with placeholders resolution and no magic. go-up provides a simple way to configure an application from multiple

Francesco 37 Mar 23, 2022
A Go recursive coverage testing tool

roveralls A Go recursive coverage testing tool. roveralls runs coverage tests on a package and all its sub-packages. The coverage profile is output as

Lawrence Woodman 17 Jul 6, 2022
Privacy important, fast, recursive dns resolver server with dnssec support

?? Privacy important, fast, recursive dns resolver server with dnssec support Installation go get github.com/semihalev/sdns Pre-build Binaries Downloa

Yasar Alev 714 Aug 10, 2022
concurrent recursive whois resolution

drwho - concurrent 'whois' queries given a set of ip addresses (v4 and v6), concurrently queries whois servers about them. example populate a file wit

Ciro S. Costa 5 Dec 28, 2021
Solution to elevator test problem but this time recursive and in go

Synopsis A multi-floor building has a Lift in it. People are queued on different floors waiting for the Lift. Some people want to go up. Some people w

Alex Piemont 0 Nov 8, 2021