HTTP Fuzzer backed with Machine Learning. The concept is shown on fuzzing of a server HTTP headers. More explanation to the idea can be found here.
pip3 install -r requirements.txt
or
docker pull uranusq/ml_fuzz
- Newline-separated URLs in file:
python main.py -f ./data/test_urls.txt
- Single URL usage with debug output:
python main.py -u https://youtube.com -d
Debug output also contains model predictions. Example output:
- Docker usage:
docker run -it uranusq/ml_fuzz -u https://instagram.com -d
./data- contains CSV datasets and Burp output./save- pretrained models and vocabularymain.py- proof of conceptfuzzer.py- fuzzer implementationburpParser.py- used to parse Burp .XML outputtransformer.py- Transformer architecture and model interfacetrain.py- preparing data and training the modelutils.py- auxiliary functions