-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
58f4618
commit 945bf99
Showing
2 changed files
with
111 additions
and
0 deletions.
There are no files selected for viewing
34 changes: 34 additions & 0 deletions
34
cybersecurity/offensive/information-gathering/ffufai.Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| # ffufai.Dockerfile | ||
| # Git clone stage | ||
| FROM alpine:latest AS source | ||
| RUN apk add --no-cache git | ||
| WORKDIR /src | ||
| RUN git clone https://github.com/jthack/ffufai.git . || exit 1 | ||
|
|
||
| # Build stage | ||
| FROM golang:1.21-alpine AS builder | ||
| WORKDIR /build | ||
| COPY --from=source /src . | ||
|
|
||
| # Set Go build flags | ||
| ENV CGO_ENABLED=0 \ | ||
| GOOS=linux \ | ||
| GOARCH=amd64 \ | ||
| GO111MODULE=on | ||
|
|
||
| # Build optimized binary | ||
| RUN go mod download && \ | ||
| go build -ldflags="-w -s" -o ffufai main.go | ||
|
|
||
| # Final stage | ||
| FROM gcr.io/distroless/static-debian12:nonroot | ||
| WORKDIR /app | ||
|
|
||
| # Copy binary and wordlists | ||
| COPY --from=builder /build/ffufai /app/ | ||
| COPY --from=builder /build/wordlists /app/wordlists | ||
|
|
||
| USER nonroot:nonroot | ||
| EXPOSE 8080 | ||
|
|
||
| ENTRYPOINT ["/app/ffufai"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| # ffufai.yml | ||
| description: > | ||
| ffufai is an AI-powered web fuzzing tool that combines the power of ffuf with | ||
| artificial intelligence to find hidden endpoints and vulnerabilities in web applications. | ||
| categories: | ||
| - cybersecurity | ||
| - offensive | ||
| - information-gathering | ||
|
|
||
| functions: | ||
| ffufai_default_scan: | ||
| description: Perform a default fuzzing scan against a web target | ||
| parameters: | ||
| target: | ||
| type: string | ||
| description: The target URL to fuzz | ||
| examples: | ||
| - https://example.com | ||
| - http://localhost:8080 | ||
| wordlist: | ||
| type: string | ||
| description: Wordlist to use for fuzzing | ||
| default: "common.txt" | ||
| examples: | ||
| - "directories.txt" | ||
| - "endpoints.txt" | ||
|
|
||
| container: | ||
| build: | ||
| path: ${cwd}/ffufai.Dockerfile | ||
| name: ffufai_local | ||
| args: | ||
| - --net=host | ||
| volumes: | ||
| - ${cwd}:/data | ||
|
|
||
| cmdline: | ||
| - /app/ffufai | ||
| - -u | ||
| - ${target} | ||
| - -w | ||
| - /app/wordlists/${wordlist} | ||
|
|
||
| ffufai_full_scan: | ||
| description: Perform comprehensive fuzzing with AI analysis | ||
| parameters: | ||
| target: | ||
| type: string | ||
| description: The target URL to fuzz | ||
| wordlist: | ||
| type: string | ||
| description: Wordlist to use for fuzzing | ||
| default: "big.txt" | ||
| threads: | ||
| type: integer | ||
| description: Number of concurrent threads | ||
| default: 40 | ||
|
|
||
| container: | ||
| build: | ||
| path: ${cwd}/ffufai.Dockerfile | ||
| name: ffufai_local | ||
| args: | ||
| - --net=host | ||
| volumes: | ||
| - ${cwd}:/data | ||
|
|
||
| cmdline: | ||
| - /app/ffufai | ||
| - -u | ||
| - ${target} | ||
| - -w | ||
| - /app/wordlists/${wordlist} | ||
| - -t | ||
| - ${threads} | ||
| - --ai |