rustfuzz is a high-performance, advanced web fuzzer written in Rust. It’s designed for security professionals and developers to discover hidden files, directories, and vulnerabilities on web servers. Inspired by tools like ffuf, rustfuzz emphasizes speed, flexibility, and modern security research workflows.
- 🌐 URL and Directory Fuzzing: Quickly identify hidden endpoints, files, and directories.
- ⚡ High Performance: Async/multithreaded engine for maximum speed.
- 🧰 Flexible & Customizable:
- Specify target URLs (
-u,--url) - Custom wordlists (
-w,--wordlist) - Status code matching (
-m,--matcher) - Custom headers, cookies, and authentication tokens
- Timeout and rate limiting
- Config file support (
--config) for reusable setups - Proxy support (HTTP/SOCKS5/Burp Suite)
- Export results (
--export) in JSON or CSV - Payload injection (
--payloads) - Mutation-based fuzzing (
--mutate) - Smart crawling (
--crawl) to discover more endpoints - OpenAPI/Swagger parsing (
--openapi) - Results analysis (
--analyze)
- Specify target URLs (
- 🔒 Modern Security Workflows:
- Designed for both bug bounty hunters and blue teams
- Diagnostic output and robust error handling
-
Clone the repository:
git clone https://github.com/martian58/rustfuzz.git cd rustfuzz -
Build the project using Cargo:
cargo build --release
-
The binary will be available at:
./target/release/rustfuzz
Run rustfuzz with your desired options:
./rustfuzz -u <URL> -w <wordlist> -t <threads>./rustfuzz -u https://example.com/FUZZ -w /path/to/wordlist.txt -t 20You can store your options in a TOML config file and load them with the --config flag:
./rustfuzz --config rustfuzz.tomlExample rustfuzz.toml:
url = "https://example.com"
wordlist = "wordlists/common.txt"
threads = 20
timeout = 10
matcher = "200,301,302"
proxy = "http://127.0.0.1:8080"
export = "results/output.json"
# Add other options as needed- Any command-line argument will override the value in the config file.
- The config file supports all options available via CLI.
With a proxy (e.g., Burp Suite):
./rustfuzz --config config.toml --proxy http://127.0.0.1:8080Exporting results:
./rustfuzz -u https://example.com -w words.txt --export results.jsonAdvanced fuzzing with payloads:
./rustfuzz -u https://example.com --payloads payloads/xss.txtSmart crawling:
./rustfuzz -u https://example.com --crawlAnalyze exported results:
./rustfuzz --analyze results.jsonFor the full list of options and help:
./rustfuzz --helpTo contribute or make changes:
- Ensure you have Rust installed: Rust Installation Guide
- Clone the repository and create a new branch:
git checkout -b feature/your-feature-name
- Build and test your changes:
cargo build cargo test - Push your branch and create a pull request.
- HTTP, HTTPS, and SOCKS5 proxies are supported.
- For Burp Suite integration, use
http://127.0.0.1:8080as your proxy.
This project is licensed under the GNU General Public License. See the LICENSE file for details.
We'd love to hear your feedback!
Open an issue or pull request to help improve rustfuzz.
Happy fuzzing! 🕵️♂️