_
| |___ ___ ___ ___ ___
| | -_|_ -|_ -| . | . |
|_|___|___|___|_ |___|
|___|
A fast web fuzzer in golang
𝔸 𝕟𝕖𝕠𝕟𝕚𝕗𝕚𝕖𝕕 𝕥𝕠𝕠𝕝
- Speed
- It is super fast as it uses golang
- It has 50 go routines (threads) by default , you can alter them by passing
the flag
-c
- Easy Usage
- It is very easy to
install& use
- It is very easy to
- Cross Platform
$ go get -u github.com/neonify/lessgo
$ cd /usr/bin
$ go build github.com/neonify/lessgo-
Enter the URL by passing the flag
-u, replace the value to be fuzzed with the wordFUZZ -
Enter the wordlist by passing the flag
-f
Example :
lessgo -u https://www.example.com/FUZZ -f wordlist.txt
REQUIRED
-u to specify the url
CHOOSE ANY ONE
-B to specify a number range for pure bruteforce
-f to specify the wordlist
-subd wordlist of common subdomains (length : 871)
-dirs wordlist of common directories (length : 1273822)
-lfi wordlist of local file inclusion payloads (length : 961)
OPTIONAL
-h for help
-c no of threads (default : 50)
-R to follow redirects (default : false)
-G to grep the given status codes (default : *)
-E to exclude/hide the given status code (default : none)
-W to grep a word (default : none)
-H to specify the file containg headers
-D to specify data to be sent (default : none)
-T to specify timeout (default : 0)
STEPS
- Enter the parameters & their values as a part of the url
- Replace the value tp be fuzzed with the word
FUZZ
EXAMPLE
https://www.example.com?id=123&pwd=FUZZ
STEPS
- Enter the parameters and values by passing the flag
-D- The parameters and their values should be differenciated by a
=sign - A combination of a parameter and its value should be differnciated
from the other by a
&sign.
- The parameters and their values should be differenciated by a
- Replace the value to be fuzzed with the word
FUZZ
EXAMPLE
-D "id=123&pwd=FUZZ"
Command
lessgo -u https://www.example.com -D "uid=1001&pwd=FUZZ" -f list.txt
STEPS
- Paste the headers in a file
- The parameters and their values should be differenciated by a
:sign - A combination of parameter and its value should be differenciated from other by a new line
- The parameters and their values should be differenciated by a
- Replace the value/parameter to be fuzzed with the word
FUZZ - Specify the file name by passing the flag
-H
EXAMPLE OF FILE CONTAINING HEADERS
Host: FUZZ
Accept: */*
Connection: close
User-Agent: lessgo fuzzer
Referer: www.google.com
Command
lessgo -u https://www.example.com -H file_containing_headers.txt
- For Fuzzing
GETdata
lessgo -u https://www.example.com?id=FUZZ -f list.txt
- For Grepping Status Codes
lessgo -u https://FUZZ.example.com -subd -G 403,404,400
- For Pure Bruteforcing
numbers
lessgo -u https://www.example.com?id=FUZZ -B 0-10
- For subdomain fuzzing
lessgo -u https://FUZZ.example.com -subd
- Attacking for Directories/Local File Inclusion
lessgo -u https://www.example.com/FUZZ -dirs/-lfi
v 2.1.1
SUPPORT
FEEDBACK
STARGAZERS
Support us by hitting the star button above
