lessgo

command module
v0.0.0-...-5063546 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 2, 2020 License: GPL-3.0 Imports: 3 Imported by: 0

README ΒΆ 

     _
    | |___ ___ ___ ___ ___
    | | -_|_ -|_ -| . | . |
    |_|___|___|___|_  |___|
                  |___|



π–‘π–Šπ–˜π–˜π–Œπ–”

A fast web fuzzer in golang


𝔸 π•Ÿπ•–π• π•Ÿπ•šπ•—π•šπ•–π•• π•₯𝕠𝕠𝕝

Table Of Contents

FEATURES

  • Speed
    • It is super fast as it uses golang
    • It has 50 go routines (threads) by default , you can alter them by passing the flag -c
  • Easy Usage
  • Cross Platform

REQUIREMENTS

INSTALLATION

Same works for updating
$ go get -u github.com/neonify/lessgo
$ cd /usr/bin
$ go build github.com/neonify/lessgo

USAGE

  • Enter the URL by passing the flag -u , replace the value to be fuzzed with the word FUZZ

  • Enter the wordlist by passing the flag -f

Example :

lessgo -u https://www.example.com/FUZZ -f wordlist.txt
FLAGS
REQUIRED
-u      to specify the url 

CHOOSE ANY ONE 
-B      to specify a number range for pure bruteforce
-f      to specify the wordlist
-subd   wordlist of common subdomains (length : 871)
-dirs   wordlist of common directories (length : 1273822)
-lfi    wordlist of local file inclusion payloads (length : 961)

OPTIONAL 
-h      for help
-c      no of threads (default : 50)
-R      to follow redirects (default : false)
-G      to grep the given status codes (default : *)
-E      to exclude/hide the given status code (default : none)
-W      to grep a word (default : none)
-H      to specify the file containg headers
-D      to specify data to be sent (default : none)
-T      to specify timeout (default : 0)

FUZZING GET DATA

STEPS

  • Enter the parameters & their values as a part of the url
  • Replace the value tp be fuzzed with the word FUZZ

EXAMPLE

https://www.example.com?id=123&pwd=FUZZ

FUZZING POST DATA

STEPS

  • Enter the parameters and values by passing the flag -D
    • The parameters and their values should be differenciated by a = sign
    • A combination of a parameter and its value should be differnciated from the other by a & sign.
  • Replace the value to be fuzzed with the word FUZZ

EXAMPLE

-D "id=123&pwd=FUZZ"
Command 
lessgo -u https://www.example.com -D "uid=1001&pwd=FUZZ" -f list.txt

FUZZING HEADERS

STEPS

  • Paste the headers in a file
    • The parameters and their values should be differenciated by a : sign
    • A combination of parameter and its value should be differenciated from other by a new line
  • Replace the value/parameter to be fuzzed with the word FUZZ
  • Specify the file name by passing the flag -H

EXAMPLE OF FILE CONTAINING HEADERS

Host: FUZZ
Accept: */*
Connection: close
User-Agent: lessgo fuzzer
Referer: www.google.com
Command 
lessgo -u https://www.example.com -H file_containing_headers.txt

EXAMPLES

  • For Fuzzing GET data
lessgo -u https://www.example.com?id=FUZZ -f list.txt
  • For Grepping Status Codes
lessgo -u https://FUZZ.example.com -subd -G 403,404,400
  • For Pure Bruteforcing numbers
lessgo -u https://www.example.com?id=FUZZ -B 0-10
  • For subdomain fuzzing
lessgo -u https://FUZZ.example.com -subd
  • Attacking for Directories/Local File Inclusion
lessgo -u https://www.example.com/FUZZ -dirs/-lfi

VERSION

v 2.1.1

SUPPORT-FEEDBACK

SUPPORT

FEEDBACK

STARGAZERS

Support us by hitting the star button above

Documentation ΒΆ

The Go Gopher

There is no documentation for this package.

Source Files ΒΆ

View all Source files

Directories ΒΆ

Path Synopsis
pkg
fuzz
input
lessgo

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.