A powerful fuzzing tool for web application testing.
# TODO - Add installation instructions hereruzz [action options] [configuration options]-
-tl, --targets-list <file>
Path to a file containing a list of targets. Fuzz placeholders must be enclosed in colons (e.g.,:FUZZ1:,:FUZZ2:).
Note: Placeholders are case-sensitive. -
-t, --target <target>
Single target (can be a URL, domain, or IP address).
-wm, --wordlists-mapping <mapping>
Define wordlists for fuzzing using JSON format:-wm "{'fuzz1':'path/to/wordlists/fuzz1.txt', 'fuzz2':'path/to/wordlists/fuzz2.txt'}"
-m, --mode <mode>
Fuzzing mode (default:shuffle):shuffle: Tests all possible combinations between wordlistsrow: Tests line-by-line (first line of fuzz1 with first line of fuzz2, and so on)
-
-ic, --include-code <codes>
Only include responses with specific status codes (comma-separated).
Example:200,300,405 -
-ec, --exclude-code <codes>
Exclude responses with specific status codes (comma-separated).
Example:404,414
-
-v, --verbose <level>
Set verbosity level:info,debug, orerror -
-H, --header <header>
Add custom HTTP header -
-C, --cookie <cookie>
Add cookie to requests -
-x, --threads <number>
Number of concurrent threads -
-r, --rate-limit <rate>
Rate limit in requests per second -
-d, --delay <seconds>
Delay between each request
ruzz -tl path/to/target/list.txt -wm "{'FUZZ1':'wordlist1.txt', 'FUZZ2':'wordlist2.txt'}"ruzz -t google.com/:FUZZ1:/:FUZZ2: -wm "{'FUZZ1':'dirs.txt', 'FUZZ2':'files.txt'}"ruzz -t example.com/api/:FUZZ1: \
-wm "{'FUZZ1':'endpoints.txt'}" \
-ic 200,201,301 \
-x 10 \
-r 50 \
-H "Authorization: Bearer token" \
-v debugruzz -t target.com/:FUZZ1:/:FUZZ2: \
-wm "{'FUZZ1':'users.txt', 'FUZZ2':'passwords.txt'}" \
-m row \
-ec 404This project is licensed under the MIT License - see the LICENSE file for details.
See the CONTRIBUTING guide for details on how to contribute to this project.
made with ❤️ by Lucas Bazan