Fastest recursive HTTP fuzzer, like a Ferrari.

Medusa

Fastest recursive HTTP fuzzer, like a Ferrari.

Travis GitHub version Go Report Card GoDoc codecov

demo

Usage

Usage: medusa [options...]
Options:
-u                    Single URL  
-uL                   URL list file path (line by line)
-e                    Extension 
-s                    Force schema (uses default http if does not contains url)
-ua                   User-agent value (default %s)
-cP                   Postive status codes (seperate by comma)
-cN                   Negative status codes (seperate by comma)
-x                    Bypass SSL verification
-t                    HTTP response timeout (10s)
-r                    Enable recursive fuzzing
-w                    Directory wordlist (line by line)
-v                    Verbose mode, show logs
-conc                 Maximum concurrent requests
-cpus                 Number of used cpu cores.

Known issues

socket: too many open file

The solution to this is to increase ulimit, you can solve this problem by typing ulimit -n 8129 before running Medusa.

Owner
Rıza Sabuncu
net/http
Rıza Sabuncu
https://github.com/riza/medusa
Similar Resources

HTTP middleware for Go that facilitates some quick security wins.

Secure Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many fram

Jan 3, 2023

HTTP/HTTPS MITM proxy and recorder.

HTTP/HTTPS MITM proxy and recorder.

Hyperfox Hyperfox is a security auditing tool that proxies and records HTTP and HTTPS traffic between two points. Installation You can install the lat

Jan 9, 2023

Implementation of io/fs.FS that appends SHA256 hashes to filenames to allow for aggressive HTTP caching.

hashfs Implementation of io/fs.FS that appends SHA256 hashes to filenames to allow for aggressive HTTP caching.

Dec 1, 2022

PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS

PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS

CVE-2015-1635 PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS ./MS15-034 URL RESOURCE FLAG [0 or 18] Note

Nov 3, 2021

ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

Dec 30, 2022

CS http Dynamic Encrypt Bridge.

CS http Dynamic Encrypt Bridge.

CS http Dynamic Encrypt Bridge.

Nov 25, 2022

Basic honeypot to capture log4shell payloads within HTTP headers.

log4shell-honeypot Catch and download log4shell payloads sent within HTTP headers. Modified version of Adikso's minecraft honeypot Setup git clone $re

Sep 2, 2022

A Flask-based HTTP(S) command and control (C2) framework with a web frontend. Malleable agents written in Go and scripts written in bash.

▄▄▄▄ ██▓ █████▒██▀███ ▒█████ ██████ ▄▄▄█████▓ ▓█████▄ ▓██▒▓██ ▒▓██ ▒ ██▒▒██▒ ██▒▒██ ▒ ▓ ██▒ ▓▒ ▒██▒ ▄██▒██▒▒████ ░▓██ ░▄█ ▒▒██░ ██▒░

Dec 24, 2022

fuzzer for a single http parameter which checks if the response does/does not contain a certain given string

single http parameter fuzzer DISCLAIMER: ONLY USE THIS PROGRAM ON TARGETS YOU HAVE PERMISSION TO FUZZ! Initially used as a "poor man's" http fuzzer fo

Dec 19, 2021

Fast web fuzzer written in Go

Fast web fuzzer written in Go

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ \ \ \_/ \ \ \_/\ \ \_\ \ \ \

Jan 5, 2023

An unsupervised coverage-guided kernel fuzzer

syzkaller - kernel fuzzer syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuch

Oct 27, 2021

Easy-to-use web fuzzer, written in Go.

Brutal A lightweight, simple to use web fuzzer. Usage Brutal is pretty easy to use. Command Description --debug print more details about the runtime -

Jul 8, 2022

Ffuf - A fast web fuzzer written in Golang

Ffuf - A fast web fuzzer written in Golang

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \

Jan 2, 2022

The fastest HTTP/2 Go Web Framework. AWS Lambda, gRPC, MVC, Unique Router, Websockets, Sessions, Test suite, Dependency Injection and more. A true successor of expressjs and laravel | 谢谢 https://github.com/kataras/iris/issues/1329 |

The fastest HTTP/2 Go Web Framework. AWS Lambda, gRPC, MVC, Unique Router, Websockets, Sessions, Test suite, Dependency Injection and more. A true successor of expressjs and laravel | 谢谢 https://github.com/kataras/iris/issues/1329 |

News This is the under-development branch. Stay tuned for the upcoming release v12.2.0. Looking for a stable release? Head over to the v12.1.8 branch

Dec 28, 2022

go-up! A simple configuration library with recursive placeholders resolution and no magic.

go-up! A simple configuration library with placeholders resolution and no magic. go-up provides a simple way to configure an application from multiple

Nov 23, 2022

A Go recursive coverage testing tool

roveralls A Go recursive coverage testing tool. roveralls runs coverage tests on a package and all its sub-packages. The coverage profile is output as

Sep 26, 2022

Privacy important, fast, recursive dns resolver server with dnssec support

Privacy important, fast, recursive dns resolver server with dnssec support

🚀 Privacy important, fast, recursive dns resolver server with dnssec support Installation go get github.com/semihalev/sdns Pre-build Binaries Downloa

Dec 26, 2022

concurrent recursive whois resolution

drwho - concurrent 'whois' queries given a set of ip addresses (v4 and v6), concurrently queries whois servers about them. example populate a file wit

Dec 28, 2021

Solution to elevator test problem but this time recursive and in go

Synopsis A multi-floor building has a Lift in it. People are queued on different floors waiting for the Lift. Some people want to go up. Some people w

Nov 8, 2021
Comments
  • Error and request

    Error and request

    It's really fast However there are some issues when scanning different ports or recursively scanning.It would be fine if it works as / FUZZ like other large fuzers.hope you continue to improve.

Related tags
Security fuzzing directory-finder
Ffuf - A fast web fuzzer written in Golang
 Ffuf - A fast web fuzzer written in Golang

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \

Jan 2, 2022
The fastest dork scanner written in Go.
 The fastest dork scanner written in Go.

go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho

Jan 1, 2023
The fastest dork scanner written in Go.
 The fastest dork scanner written in Go.

go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho

Jan 28, 2022
Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.

This is very similar to GenericPotato - I referenced it heavily while researching. Gotato starts a named pipe or web server and waits for input. Once

Nov 9, 2022
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
 An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C

Jan 6, 2023
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Lightweight static analysis for many languages. Find bugs and enforce code standards. Semgrep is a fast, open-source, static analysis tool that finds

Jan 9, 2023
Git-like capabilities for your object storage
 Git-like capabilities for your object storage

What is lakeFS lakeFS is an open source layer that delivers resilience and manageability to object-storage based data lakes. With lakeFS you can build

Dec 30, 2022
A fully self-contained Nmap like parallel port scanning module in pure Golang that supports SYN-ACK (Silent Scans)

gomap What is gomap? Gomap is a fully self-contained nmap like module for Golang. Unlike other projects which provide nmap C bindings or rely on other

Dec 10, 2022
PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. You can use PHP like functions in your app, module etc. when you add this module to your project.

PHP Functions for Golang - phpfuncs PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. Y

Dec 30, 2022
Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user.
 Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user.

Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. Drift

Dec 29, 2022