Skip to content

Fuzz Discovery Attack

2016-12-01 00:46:17

# python 3.4

import urllib.request
import urllib.parse

import colorama

print('----------- Discovery Attack -----------')

url = "http://local.host/file.php?page=[PLACEHOLDER].php"
payloadFile = "../_discovery/WordlistSkipfish.fuzz.txt"
counter = 0

with open(payloadFile) as file:
    for line in file:

        counter += 1

        sample = line.rstrip()
        url2 = url.replace("[PLACEHOLDER]", sample)

        response = urllib.request.urlopen(url2)
        data = response.read().decode('utf-8')

        if '404 - Page Not Found' in data:
            print("[" + str(counter) + "]- request: " + url2 + " / " + colorama.Fore.GREEN + ' 404' + colorama.Fore.RESET)
        else:
            print("[" + str(counter) + "]- request: " + url2 + " / " + colorama.Fore.RED + ' we have something' + colorama.Fore.RESET)