Web Fuzzer & Directory Brute-forcer
High-performance web fuzzing tool written in Rust, demonstrating:
- Async/Await - Tokio runtime for concurrent requests
- Ownership - Memory safety without GC
- Result Types - Safe error handling
- Zero-Cost Abstractions - Performance without overhead
git clone https://github.com/bad-antics/nullsec-webfuzz.git
cd nullsec-webfuzz
cargo build --release# Basic directory fuzzing
./target/release/nullsec-webfuzz -u http://target.com/FUZZ
# With wordlist
./target/release/nullsec-webfuzz -u http://target.com/FUZZ -w wordlist.txt
# With extensions
./target/release/nullsec-webfuzz -u http://target.com/FUZZ -e php,html,txt
# Filter by status
./target/release/nullsec-webfuzz -u http://target.com/FUZZ -f 200,301,302
# High concurrency
./target/release/nullsec-webfuzz -u http://target.com/FUZZ -c 100
# JSON output
./target/release/nullsec-webfuzz -u http://target.com/FUZZ -j- FUZZ placeholder replacement
- Built-in 100+ word directory wordlist
- File extension fuzzing
- Status code filtering
- Response size filtering
- Concurrent requests with semaphore
- Follow redirects option
- Custom HTTP methods
╔══════════════════════════════════════════════════════════════════╗
║ NullSec WebFuzz - Web Fuzzer & Dir Buster ║
╚══════════════════════════════════════════════════════════════════╝
Target: http://example.com/FUZZ
Concurrency: 50 | Timeout: 10s
Wordlist: 100 words
URLs to test: 100
Fuzzing...
[200] http://example.com/admin [1542]
[200] http://example.com/login [2341]
[301] http://example.com/api [0] -> http://example.com/api/
[403] http://example.com/.git [287]
[200] http://example.com/robots.txt [156]
─────────────────────────────────────────
Requests: 100 | Found: 5 | Errors: 0 | Duration: 2.45s
Rate: 41 req/s
- Discord: discord.gg/killers
- GitHub: bad-antics
MIT License