HTTP Fuzzer backed with Machine Learning. The concept is shown on fuzzing of a server HTTP headers. More explanation to the idea can be found here.
pip3 install -r requirements.txt
or
docker pull uranusq/ml_fuzz
- Newline-separated URLs in file:
python main.py -f ./data/test_urls.txt
- Single URL usage with debug output:
python main.py -u https://youtube.com -d
Debug output also contains model predictions. Example output:
- Docker usage:
docker run -it uranusq/ml_fuzz -u https://instagram.com -d
./data
- contains CSV datasets and Burp output./save
- pretrained models and vocabularymain.py
- proof of conceptfuzzer.py
- fuzzer implementationburpParser.py
- used to parse Burp .XML outputtransformer.py
- Transformer architecture and model interfacetrain.py
- preparing data and training the modelutils.py
- auxiliary functions