MCPcopy Index your code
hub / github.com/Proviesec/PSFuzz

github.com/Proviesec/PSFuzz @v1.0.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.0.0 ↗ · + Follow
423 symbols 1,235 edges 57 files 97 documented · 23%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

PSFuzz

Fast web fuzzer in Go for directory and endpoint discovery. Single binary, common fuzzer-style CLI (FUZZ, -w, -mc, -x), with built-in response modules, recursion strategies, and optional AI-driven wordlist selection.

Disclaimer: DONT BE A JERK!

Needless to mention, please use this tool very very carefully. The authors won't be responsible for any consequences.

Requirements: Go 1.21+

Install

go build -o psfuzz .
# or: make build

Usage

./psfuzz -u https://example.com/FUZZ -w default -o scan
# → scan.txt; use -of json for scan.json

With modules and recursion:

./psfuzz -u https://target/FUZZ -w wordlist.txt -c 20 -D 2 -modules fingerprint,cors,links -enqueue-module-urls links -of json -o scan

Full flag reference: ./psfuzz -h. Copy-paste examples: CHEATSHEET.md.

Features

  • Familiar CLI: FUZZ placeholder, wordlists, filters (-mc, -fc, -ms, -fr), proxy (-x), replay proxy, raw request file
  • Response modules: fingerprint, CORS, headers, secrets, auth, AI verdict, URL/link extraction — output in TXT, JSON, HTML, CSV, NDJSON, compat JSON
  • Link-driven discovery: enqueue URLs from HTML/body (-enqueue-module-urls links), depth limit
  • Explore AI: one-shot probe + AI wordlist/extensions suggestion (OpenAI, Ollama, or Gemini); then run scan with suggested -w/-e
  • Recursion: -recursion-strategy default|greedy, 403/401 bypass variants, WAF-adaptive slowdown, per-host wildcard
  • Control: -maxtime / -maxtime-job, resume, stop on status/matches/errors, HTTP/2, VHost, audit log (NDJSON)

Response modules

Module Description
fingerprint Tech detection (nginx, PHP, WordPress, etc.)
cors CORS header evaluation
headers Security headers (CSP, HSTS, X-Frame-Options, Set-Cookie)
secrets Secret patterns in body/headers (AWS, JWT, etc.)
auth Login form, 401, redirect-to-login, session cookies
ai AI verdict (openai | ollama | gemini); -ai-prompt, -ai-provider
urlextract URLs from body + Location
links HTML links → absolute URLs; use with -enqueue-module-urls links

Details: MODULES.md.

Config

-cf config.json. Load order: config → preset → CLI. Example: config.example.json. Options: auditLog, enqueueModuleUrls, extractedUrlsFile, etc.

Security

  • Safe mode (default): blocks loopback, private and link-local IPs. Redirect targets validated (no file:// or internal IPs). -safe=false for local use.
  • Timeouts: -timeout 0 → 30s. -max-size 0 → 10 MiB body cap.
  • TLS: -insecure / -k to skip certificate verification.
  • Scope: -allow-hosts host1,host2. Login: -login-url, -login-user, -login-pass or -login-body.

Documentation

Doc Description
CHEATSHEET.md Commands and examples
MODULES.md Response modules
RECURSION.md Recursion and strategy
DOCKER.md Docker build and run
TESTING.md Tests and param script
CONTRIBUTING.md Contributing
ROADMAP.md Planned features
IDEAS.md Future ideas
CHANGELOG.md Release history

CI: go build, go test, go vet on push/PR (.github/workflows/ci.yml).

Project layout

main.go              # CLI
internal/config      # Flags, config file, validation
internal/encoder     # Payload encoders (urlencode, base64, etc.)
internal/httpx       # HTTP client, safe-mode, redirect checks
internal/engine      # Task queue, workers, recursion, report
internal/filter      # Status/length/regex/dedupe
internal/llm         # LLM client (OpenAI, Ollama, Gemini) for AI/Explore
internal/output      # TXT, JSON, HTML, CSV, NDJSON, compat JSON
internal/modules     # Response analyzers

License

Use only on systems you are authorized to test.

Extension points exported contracts — how you extend this code

Analyzer (Interface)
Analyzer is the interface for response-analysis modules (fingerprint, CORS, AI, etc.). [8 implementers]
internal/modules/module.go
Doer (Interface)
Doer performs HTTP requests. *Client implements Doer. [1 implementers]
internal/httpx/client.go
AllowFilter (Interface)
AllowFilter decides whether a response passes the filter (should be reported as a hit). *Pipeline implements AllowFilter [1 …
internal/filter/filter.go

Core symbols most depended-on inside this repo

isSet
called by 130
internal/config/apply_cli.go
Close
called by 48
internal/httpx/client.go
Load
called by 29
internal/config/config.go
Allow
called by 26
internal/filter/filter.go
Analyze
called by 24
internal/modules/module.go
MatchAnyRange
called by 20
internal/config/config.go
ParseCSV
called by 15
internal/config/config.go
Name
called by 12
internal/modules/module.go

Shape

Function 330
Method 49
Struct 39
Interface 3
FuncType 1
TypeAlias 1

Languages

Go100%

Modules by API surface

internal/engine/engine.go31 symbols
internal/config/config.go30 symbols
internal/config/config_test.go29 symbols
internal/engine/explore.go22 symbols
internal/httpx/client.go20 symbols
internal/output/output.go18 symbols
internal/llm/llm.go15 symbols
internal/engine/util_test.go13 symbols
internal/engine/util.go13 symbols
internal/engine/explore_test.go12 symbols
internal/httpx/httpx_test.go11 symbols
internal/filter/filter.go11 symbols

For agents

$ claude mcp add PSFuzz \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page