The lessgo from polysafe

     _
    | |___ ___ ___ ___ ___
    | | -_|_ -|_ -| . | . |
    |_|___|___|___|_  |___|
                  |___|

𝖑𝖊𝖘𝖘𝖌𝖔

A fast web fuzzer in golang

𝔸 𝕟𝕖𝕠𝕟𝕚𝕗𝕚𝕖𝕕 𝕥𝕠𝕠𝕝

Features
Installation
Usage
Examples
Support/Feedback

FEATURES

Speed
- It is super fast as it uses golang
- It has 50 go routines (threads) by default , you can alter them by passing the flag -c
Easy Usage
- It is very easy to install & use
Cross Platform

REQUIREMENTS

GoLang

INSTALLATION

Same works for updating

$ go get -u github.com/neonify/lessgo
$ cd /usr/bin
$ go build github.com/neonify/lessgo

USAGE

Enter the URL by passing the flag -u , replace the value to be fuzzed with the word FUZZ
Enter the wordlist by passing the flag -f

Example :

lessgo -u https://www.example.com/FUZZ -f wordlist.txt

FLAGS

REQUIRED
-u      to specify the url 

CHOOSE ANY ONE 
-B      to specify a number range for pure bruteforce
-f      to specify the wordlist
-subd   wordlist of common subdomains (length : 871)
-dirs   wordlist of common directories (length : 1273822)
-lfi    wordlist of local file inclusion payloads (length : 961)

OPTIONAL 
-h      for help
-c      no of threads (default : 50)
-R      to follow redirects (default : false)
-G      to grep the given status codes (default : *)
-E      to exclude/hide the given status code (default : none)
-W      to grep a word (default : none)
-H      to specify the file containg headers
-D      to specify data to be sent (default : none)
-T      to specify timeout (default : 0)

FUZZING GET DATA

STEPS

Enter the parameters & their values as a part of the url
Replace the value tp be fuzzed with the word FUZZ

EXAMPLE

https://www.example.com?id=123&pwd=FUZZ

FUZZING POST DATA

STEPS

Enter the parameters and values by passing the flag -D
- The parameters and their values should be differenciated by a = sign
- A combination of a parameter and its value should be differnciated from the other by a & sign.
Replace the value to be fuzzed with the word FUZZ

EXAMPLE

-D "id=123&pwd=FUZZ"

Command

lessgo -u https://www.example.com -D "uid=1001&pwd=FUZZ" -f list.txt

FUZZING HEADERS

STEPS

Paste the headers in a file
- The parameters and their values should be differenciated by a : sign
- A combination of parameter and its value should be differenciated from other by a new line
Replace the value/parameter to be fuzzed with the word FUZZ
Specify the file name by passing the flag -H

EXAMPLE OF FILE CONTAINING HEADERS

Host: FUZZ
Accept: */*
Connection: close
User-Agent: lessgo fuzzer
Referer: www.google.com

Command

lessgo -u https://www.example.com -H file_containing_headers.txt

EXAMPLES

For Fuzzing GET data

lessgo -u https://www.example.com?id=FUZZ -f list.txt

For Grepping Status Codes

lessgo -u https://FUZZ.example.com -subd -G 403,404,400

For Pure Bruteforcing numbers

lessgo -u https://www.example.com?id=FUZZ -B 0-10

For subdomain fuzzing

lessgo -u https://FUZZ.example.com -subd

Attacking for Directories/Local File Inclusion

lessgo -u https://www.example.com/FUZZ -dirs/-lfi

VERSION

v 2.1.1

SUPPORT-FEEDBACK

SUPPORT

FEEDBACK

STARGAZERS

polysafe / lessgo Goto Github PK

lessgo's Introduction

𝖑𝖊𝖘𝖘𝖌𝖔

Table Of Contents

FEATURES

REQUIREMENTS

INSTALLATION

Same works for updating

USAGE

FLAGS

FUZZING GET DATA

FUZZING POST DATA

FUZZING HEADERS

EXAMPLES

VERSION

SUPPORT-FEEDBACK

Support us by hitting the star button above

lessgo's People

Contributors

Recommend Projects

Recommend Topics

Recommend Org

Support us by hitting the star button `above`