PSFuzz

command module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 22, 2026 License: MIT Imports: 10 Imported by: 0

README

PSFuzz

Fast web fuzzer in Go for directory and endpoint discovery. Single binary, common fuzzer-style CLI (FUZZ, -w, -mc, -x), with built-in response modules, recursion strategies, and optional AI-driven wordlist selection.

Disclaimer: DONT BE A JERK!

Needless to mention, please use this tool very very carefully. The authors won't be responsible for any consequences.

Requirements: Go 1.21+

Install

go build -o psfuzz .
# or: make build

Usage

./psfuzz -u https://example.com/FUZZ -w default -o scan
# → scan.txt; use -of json for scan.json

With modules and recursion:

./psfuzz -u https://target/FUZZ -w wordlist.txt -c 20 -D 2 -modules fingerprint,cors,links -enqueue-module-urls links -of json -o scan

Full flag reference: ./psfuzz -h. Copy-paste examples: CHEATSHEET.md.

Features

  • Familiar CLI: FUZZ placeholder, wordlists, filters (-mc, -fc, -ms, -fr), proxy (-x), replay proxy, raw request file
  • Response modules: fingerprint, CORS, headers, secrets, auth, AI verdict, URL/link extraction — output in TXT, JSON, HTML, CSV, NDJSON, compat JSON
  • Link-driven discovery: enqueue URLs from HTML/body (-enqueue-module-urls links), depth limit
  • Explore AI: one-shot probe + AI wordlist/extensions suggestion (OpenAI, Ollama, or Gemini); then run scan with suggested -w/-e
  • Recursion: -recursion-strategy default|greedy, 403/401 bypass variants, WAF-adaptive slowdown, per-host wildcard
  • Control: -maxtime / -maxtime-job, resume, stop on status/matches/errors, HTTP/2, VHost, audit log (NDJSON)

Response modules

Module Description
fingerprint Tech detection (nginx, PHP, WordPress, etc.)
cors CORS header evaluation
headers Security headers (CSP, HSTS, X-Frame-Options, Set-Cookie)
secrets Secret patterns in body/headers (AWS, JWT, etc.)
auth Login form, 401, redirect-to-login, session cookies
ai AI verdict (openai | ollama | gemini); -ai-prompt, -ai-provider
urlextract URLs from body + Location
links HTML links → absolute URLs; use with -enqueue-module-urls links

Details: MODULES.md.

Config

-cf config.json. Load order: config → preset → CLI. Example: config.example.json. Options: auditLog, enqueueModuleUrls, extractedUrlsFile, etc.

Security

  • Safe mode (default): blocks loopback, private and link-local IPs. Redirect targets validated (no file:// or internal IPs). -safe=false for local use.
  • Timeouts: -timeout 0 → 30s. -max-size 0 → 10 MiB body cap.
  • TLS: -insecure / -k to skip certificate verification.
  • Scope: -allow-hosts host1,host2. Login: -login-url, -login-user, -login-pass or -login-body.

Documentation

Doc Description
CHEATSHEET.md Commands and examples
MODULES.md Response modules
RECURSION.md Recursion and strategy
DOCKER.md Docker build and run
TESTING.md Tests and param script
CONTRIBUTING.md Contributing
ROADMAP.md Planned features
IDEAS.md Future ideas
CHANGELOG.md Release history

CI: go build, go test, go vet on push/PR (.github/workflows/ci.yml).

Project layout

main.go              # CLI
internal/config      # Flags, config file, validation
internal/encoder     # Payload encoders (urlencode, base64, etc.)
internal/httpx       # HTTP client, safe-mode, redirect checks
internal/engine      # Task queue, workers, recursion, report
internal/filter      # Status/length/regex/dedupe
internal/llm         # LLM client (OpenAI, Ollama, Gemini) for AI/Explore
internal/output      # TXT, JSON, HTML, CSV, NDJSON, compat JSON
internal/modules     # Response analyzers

License

Use only on systems you are authorized to test.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
internal
config
Package config loads and applies PSFuzz configuration from CLI flags, optional JSON file (-cf), and presets.
 Package config loads and applies PSFuzz configuration from CLI flags, optional JSON file (-cf), and presets.
encoder
engine
Package engine runs the fuzzing scan: produces tasks from wordlists and base URLs, runs concurrent workers, applies filters and response modules, and builds the report.
 Package engine runs the fuzzing scan: produces tasks from wordlists and base URLs, runs concurrent workers, applies filters and response modules, and builds the report.
filter
Package filter implements response filtering (status, length, words, regex, duplicates) so only allowed findings are reported.
 Package filter implements response filtering (status, length, words, regex, duplicates) so only allowed findings are reported.
httpx
Package httpx provides an HTTP client for PSFuzz with proxy, TLS, throttling, and safe-mode (no loopback) support.
 Package httpx provides an HTTP client for PSFuzz with proxy, TLS, throttling, and safe-mode (no loopback) support.
llm
Package llm provides a shared layer for calling LLM backends (OpenAI, Ollama, Gemini).
 Package llm provides a shared layer for calling LLM backends (OpenAI, Ollama, Gemini).
modules
output

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.