PhantomFuzzer

⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿⣿⣿⣿⣿⡿⢿⡿⠃⠀⡐⠀⠘⡻⠿⠋⠛⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⡏⠈⣤⡝⠛⢻⣷⡆⠀⠀⠀⠀⠀⣤⣧⠀⠀⠀⠀⠚⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⡇⡀⠀⢴⣮⡀⠉⠁⠀⠀⠀⠀⠁⣹⠛⠋⠉⣰⢄⣠⣿⣿⣿⣿⣿⡿⡿⠿⢿⡿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⡿⠿⢇⣗⠀⢈⠙⣷⠀⡐⢀⠀⡀⠀⢀⣴⣦⡄⢂⢀⣺⣿⣿⣿⣿⠏⠁⣠⣤⣤⣤⣭⣕⡲⣌⡋⠻⠿⠿⠿⠛⠛⣛ ⣿⣿⣿⣿⣿⣇⠀⠀⠀⠀⠾⢯⡙⢇⠀⢃⢀⣀⠢⡿⠋⢐⠶⠇⣿⣿⣿⣿⠟⠁⣺⣿⣿⣿⣿⣿⣿⣿⣷⣵⡛⣃⣀⣠⣀⣠⣾⣿ ⣿⣿⣿⣿⣿⣷⠀⠀⢸⣦⠀⠀⠉⠂⠁⢆⣌⠆⡆⢷⡍⠹⠷⠸⠿⠿⠏⠁⣤⡌⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣆⠀⠀⠻⣷⣦⡀⠀⢠⠂⢾⠀⠀⠀⠀⢀⠂⠀⣤⣶⣾⣿⣿⣿⣶⣤⣤⣤⣨⡙⢿⣿⣿⣿⣿⣿⢿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⠟⠁⠀⠀⠀⠚⠋⢠⣾⣿⡼⣹⣮⣤⣰⡶⠏⠀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣼⣿⣻⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⡿⢡⣏⡇⠀⠀⠀⢀⢰⣰⢿⡛⠣⠆⢿⣿⣿⠇⠀⠀⠈⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⡇⣸⡇⠿⠀⠀⠀⡀⠸⡀⠘⠃⠀⠀⢾⢿⠇⠀⠀⠀⢀⢰⠘⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⢃⣿⡻⡀⣣⠀⠀⠀⠂⠁⠈⠈⠀⠘⠀⠄⣽⠐⠃⠀⠈⡈⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⠸⣿⣷⢄⠀⠱⡄⠀⠀⠀⢿⣷⣷⠀⠔⠈⠁⠀⠀⠀⣘⠁⠘⠻⠿⠿⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⠋⠴⣬⣨⠣⣾⣷⣥⡽⠆⠀⠀⠁⠉⠀⠀⠀⠀⢀⠀⠀⣼⠁⠀⢀⣄⡦⠭⠤⠶⠤⣬⣍⣻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣧⣤⣿⡟⢄⡙⠛⠉⠁⢃⠐⠀⠀⠀⠀⠀⠜⠀⠈⣀⡿⠋⠀⣸⡿⠛⠁⠀⠀⠘⠀⢉⠉⠹⢿⢟⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⡿⣿⣿⣿⣎⠀⠀⠀⠀⠘⠀⠁⠀⠀⠀⠀⠀⠀⠀⠟⠑⠀⠀⠈⠀⠀⠀⠀⠠⢤⠤⣨⣷⡀⠀⣚⡋⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿

PhantomFuzzer is an advanced security testing toolkit that combines traditional fuzzing techniques with machine learning capabilities to detect vulnerabilities in web applications, APIs, protocols, and files.

Features

Comprehensive Fuzzing: Multiple fuzzer types for API, protocol, and input fuzzing
Advanced Scanning: Web application, API, and file scanning capabilities
Payload Generation: Extensive library of attack payloads for various vulnerability types
Machine Learning Integration: Enhanced detection using ML algorithms (in development)
Extensible Architecture: Modular design for easy extension with new capabilities

Installation

Prerequisites

Docker (version 19.03 or higher)
Git (for cloning the repository)
Bash shell

Setup

Clone the repository:

git clone https://github.com/ghostsec420/PhantomFuzzer.git
cd PhantomFuzzer

Run the installation script:
```
./install.sh
```
This script will:
- Build the Docker image with all dependencies
- Create a wrapper script that allows you to use the phantomfuzzer command
- Set appropriate permissions
Verify the installation:
```
phantomfuzzer --help
```

Usage Guide

PhantomFuzzer has three main command groups:

scanner: Run various types of scanners against targets
fuzzer: Test applications for vulnerabilities by sending unexpected inputs
payload: Generate attack payloads for security testing

Global Options

PhantomFuzzer provides several global options to control output verbosity and formatting:

# Show minimal output (only critical messages and results)
phantomfuzzer --quiet [command]

# Show more detailed output
phantomfuzzer --verbose [command]

# Show all debug information
phantomfuzzer --debug [command]

# Disable colored output
phantomfuzzer --no-color [command]

You can combine these options as needed:

phantomfuzzer --verbose --no-color scanner web --url https://example.com

Scanning Operations

Web Application Scanning

PhantomFuzzer allows you to scan web applications for vulnerabilities:

Basic Web Scanning

phantomfuzzer scanner web --url https://example.com

Scan with Authentication

phantomfuzzer scanner web --url https://example.com --auth '{"username":"user","password":"pass"}'

Control Scan Depth

phantomfuzzer scanner web --url https://example.com --depth 2

Save Results to a File

phantomfuzzer scanner web --url https://example.com --output web_results.json --format json

API Scanning

Scan your APIs for potential vulnerabilities:

phantomfuzzer scanner api --url https://api.example.com

With OpenAPI/Swagger Specification

phantomfuzzer scanner api --url https://api.example.com --spec openapi.json

With Authentication

phantomfuzzer scanner api --url https://api.example.com --auth '{"token":"your-api-token"}'

Save Results to a File

phantomfuzzer scanner api --url https://api.example.com --output api_results.json --format json

File Scanning

Scan files and directories for vulnerabilities:

Scan a Single File

phantomfuzzer scanner file --path ./target/file.php

Recursive Directory Scan

phantomfuzzer scanner file --path ./target --recursive

Scan with File Pattern Matching

phantomfuzzer scanner file --path ./target --recursive --pattern "*.php"

Enable Machine Learning Enhanced Detection

phantomfuzzer scanner file --path ./target --ml-enhanced

Save Results to a File

phantomfuzzer scanner file --path ./target --output file_results.json --format json

Fuzzing Operations

API Fuzzing

PhantomFuzzer provides the ability to fuzz APIs by sending crafted requests. Here's how to perform API fuzzing:

Basic API Fuzzing

phantomfuzzer fuzzer api --target https://api.example.com/v1/users --method GET

POST Request Fuzzing

phantomfuzzer fuzzer api --target https://api.example.com/v1/users --method POST --data '{"username":"test"}'

Fuzz with Custom Headers

phantomfuzzer fuzzer api --target https://api.example.com/v1/users --headers '{"Authorization":"Bearer token"}'

With Authentication

phantomfuzzer fuzzer api --target https://api.example.com/v1/users --auth '{"username":"user","password":"pass"}'

Control Fuzzing Intensity

phantomfuzzer fuzzer api --target https://api.example.com/v1/users --iterations 200 --delay 0.2 --timeout 10

Save Results to a File

phantomfuzzer fuzzer api --target https://api.example.com/v1/users --output results.json --format json

Protocol Fuzzing

You can fuzz different protocols like TCP, SSH, and FTP. Below are examples:

TCP Protocol Fuzzing

phantomfuzzer fuzzer protocol --target example.com --port 80 --protocol tcp

SSH Protocol Fuzzing

phantomfuzzer fuzzer protocol --target example.com --port 22 --protocol ssh

FTP Protocol Fuzzing

phantomfuzzer fuzzer protocol --target example.com --port 21 --protocol ftp

Control Protocol Fuzzing Intensity

phantomfuzzer fuzzer protocol --target example.com --port 80 --protocol http --iterations 100 --delay 0.5 --timeout 15

Input Fuzzing

You can fuzz various types of inputs, including files, stdin, and command-line arguments.

File Input Fuzzing

phantomfuzzer fuzzer input --target ./target/application --input-type file

Command-Line Argument Fuzzing

phantomfuzzer fuzzer input --target ./target/application --input-type argument

Save Results to a File

phantomfuzzer fuzzer input --target ./target/application --input-type file --output input_results.json --output-format json

Payload Generation

PhantomFuzzer allows you to generate different types of attack payloads for various categories. Here's how you can use it:

List Available Payload Categories

phantomfuzzer payload list

Generate Specific Payloads

SQL Injection (Basic)

phantomfuzzer payload generate --category sql_injection --subcategory basic

Generate Multiple XSS Payloads

phantomfuzzer payload generate --category xss --count 5 --output xss_payloads.txt

Generate Command Injection Payloads in JSON Format

phantomfuzzer payload generate --category command_injection --format json

Generate Random Payloads

phantomfuzzer payload random --count 3

Advanced Usage

Combining Operations

You can chain multiple operations for more comprehensive testing:

# Generate payloads and use them for API fuzzing
phantomfuzzer payload generate --category sql_injection --output sql_payloads.txt
phantomfuzzer fuzzer api --target https://api.example.com/query --method POST --data @sql_payloads.txt

# Scan and then fuzz discovered endpoints
phantomfuzzer scanner api --url https://api.example.com --output discovered_apis.json
phantomfuzzer fuzzer api --target https://api.example.com/query --method POST --data @discovered_apis.json

Debug Mode

Enable debug logging for more detailed output:

phantomfuzzer --debug scanner web --url https://example.com

Debug Mode

Enable debug logging for more detailed output:

phantomfuzzer --debug scanner web --url https://example.com

Contributing

Fork the repository
Create your feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add some amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
config		config
data		data
docker		docker
examples		examples
feedback		feedback
ml_data		ml_data
models		models
phantomfuzzer.egg-info		phantomfuzzer.egg-info
phantomfuzzer		phantomfuzzer
tests		tests
Dockerfile		Dockerfile
README.md		README.md
ascii.txt		ascii.txt
docker-compose.yml		docker-compose.yml
install.sh		install.sh
phantomfuzzer.1		phantomfuzzer.1
phantomfuzzer.bundle		phantomfuzzer.bundle
phantomfuzzer_cmd		phantomfuzzer_cmd
phantomfuzzer_wrapper.sh		phantomfuzzer_wrapper.sh
project_map.text		project_map.text
requirements.txt		requirements.txt
scapy_patch.py		scapy_patch.py
setup.py		setup.py
usage.txt		usage.txt

ghostsec420/PhantomFuzzer

Folders and files

Latest commit

History

Repository files navigation

PhantomFuzzer

Features

Installation

Prerequisites

Setup

Usage Guide

Global Options

Scanning Operations

Web Application Scanning

Basic Web Scanning

Scan with Authentication

Control Scan Depth

Save Results to a File

API Scanning

With OpenAPI/Swagger Specification

With Authentication

Save Results to a File

File Scanning

Scan a Single File

Recursive Directory Scan

Scan with File Pattern Matching

Enable Machine Learning Enhanced Detection

Save Results to a File

Fuzzing Operations

API Fuzzing

Basic API Fuzzing

POST Request Fuzzing

Fuzz with Custom Headers

With Authentication

Control Fuzzing Intensity

Save Results to a File

Protocol Fuzzing

TCP Protocol Fuzzing

SSH Protocol Fuzzing

FTP Protocol Fuzzing

Control Protocol Fuzzing Intensity

Input Fuzzing

File Input Fuzzing

Command-Line Argument Fuzzing

Save Results to a File

Payload Generation

List Available Payload Categories

Generate Specific Payloads

SQL Injection (Basic)

Generate Multiple XSS Payloads

Generate Command Injection Payloads in JSON Format

Generate Random Payloads

Advanced Usage

Combining Operations

Debug Mode

Debug Mode

Contributing

License

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages