An asynchronous and highly configurable URL fuzzing tool designed to quickly discover active endpoints on websites for penetration testing purposes.
Explore URLs of domains fast and efficiently using fuzzing techniques
This tool is primarily used by penetration testers and red teamers to efficiently explore and identify active URLs and endpoints on target websites using customizable fuzzing wordlists. It helps uncover potentially hidden or unlinked resources that could be vulnerable or useful for further security assessments.
Users should employ this tool responsibly and ethically, as aggressive fuzzing can trigger DDOS protections or impact target site availability. The tool automatically adjusts concurrency to mitigate blocking, but users should still consider legal and ethical guidelines before scanning any website.
git clone git@github.com:avilum/smart-url-fuzzer.git
cd smart-url-fuzzer
pip install -r requirements.txt./fuzz
Runs the fuzzer against the default or specified target URL to find all active endpoints.
python fuzz.py --help
Displays help information and usage options for the fuzz.py script.
python fuzz.py -u https://example.com/
Starts fuzzing the specified target website using the default wordlist.
python fuzz.py -u https://www.facebook.com -l words_lists/list-php.txt
Fuzzes the target website using a custom wordlist file to discover PHP endpoints.