Metadata-Version: 2.1
Name: userefuzz
Version: 2.1.0
Summary: User-Agent and Referer Header SQLI Fuzzer
Home-page: https://github.com/root-tanishq/userefuzz
Author: Tanishq Rathore
License: MIT
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Description-Content-Type: text/markdown
License-File: LICENSE

<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/userefuzz_icon.png">
</p>
<h1 align="center">

[![PYPI](https://img.shields.io/badge/PYPI-UseReFuzz-orange)](https://pypi.org/project/userefuzz/) 
[![MIT](https://img.shields.io/github/license/root-tanishq/userefuzz)](https://github.com/root-tanishq/userefuzz/blob/main/LICENSE) 
[![Version](https://img.shields.io/badge/Latest--Version-2.1.0-brightgreen)](#)
[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/root_tanishq.svg?style=social&label=Follow%20%40root_tanishq)](https://twitter.com/root_tanishq) <br />
[![Youtube](https://img.shields.io/youtube/channel/subscribers/UC0HLRnmOx3x_hsAGAdG9VaQ?style=social)](https://www.youtube.com/@boyfromfuture69)
[![Github](https://img.shields.io/github/stars/root-tanishq/userefuzz?style=social)](https://github.com/root-tanishq/userefuzz/stargazers)
[![Expy](https://img.shields.io/badge/Author-Tanishq%20Rathore-blue)](https://expy.bio/tanishq)
</h1>

<h3 align="center">

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer made with `python`<br/>
**Works on `linux`, `Windows` and `MacOS` based systems**<br />
</h3>

<table>
<tr>
<td>  

<h3 align="center">

### Legal Disclaimer
</h3>
Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
<br />


</td>
</tr>
</table>

<h1 align="center">

# Installation
</h1>

### pip

```sh
pip install userefuzz
```

### setup

```sh
git clone https://github.com/root-tanishq/userefuzz
cd userefuzz
python3 setup.py install
```

<h1 align="center">

# Usage  
</h1>
<h2 align="center">

## Parsing URLs
</h2>

### Parsing a list of URLs
```sh
$ userefuzz -l <LIST>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_list.png">
</p>

### Parsing a URL
```sh
$ userefuzz -u <URL>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_url.png">
</p>

### Parsing stdin URLs 
```sh
$ <STDIN LIST> | userefuzz
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_stdin.png">

> Use `-v` switch for verbose(includes non-vuln detected URLs) output 

</p>
<h2 align="center">

## Multi Processing
</h2>

> Multi Processing will create more process and will increase the speed of the tool.

```sh
$ userefuzz <LIST / URL> -w <WORKER COUNT>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_workers.png">
</p>

<h2 align="center">

## Proxy Interception And Custom Injection
</h2>

### Proxy interception of vulnerable request
```sh
$ userefuzz <LIST/URL> -p <PROXY>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_proxy.png">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_proxy2.png">
</p>

### Custom message in request
```sh
$ userefuzz <LIST/URL> -m <MESSAGE>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_msg.png">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_msg2.png">
</p>

### Custom payload with custom sleep
```sh
$ userefuzz <LIST/URL> -i <CUSTOM SQLI PAYLOAD> -s <SLEEP COUNT IN THE PAYLOAD>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_pinject.png">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_pinject2.png">
</p>

### Multi payload with custom sleep
```sh
$ userefuzz <LIST/URL> -i <SQLI PAYLOAD FILE> -s <SLEEP COUNT IN THE PAYLOAD>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_finject.png">
</p>

### Custom header injection
```sh
$ userefuzz <LIST/URL> -ch <CUSTOM HEADER NAME>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_finject2.png">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_sch2.png">
</p>

### Multi header injection
> For multiple headers use `|` as shown below.
```sh
$ userefuzz <LIST/URL> -ch <CUSTOM HEADER NAME|OTHER HEADERS> 
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_mch.png">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_mch2.png">
</p>


<h2 align="center">

## Output
</h2>

### Markdown output
```sh
$ userefuzz <LIST/URL> -o <OUTPUT FILE NAME WITHOUT EXT>
```
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_output.png">
</p>



### Output file content
<p align="center">
<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_out_md.png">
</p>
<table>
<tr>
<td>  
<h2 align="center">

## Telify Notifications
</h2>

> The Tool uses [Telify](https://github.com/root-tanishq/telify) configuration file for sending notification .So inorder to use this feature you need to setup telify.

```sh
$ userefuzz <LIST / URL> -t
```

</td>
</tr>
</table>


