NucleiFuzzer is a powerful automation framework tailored for modern web application security testing. It combines industry-leading tools such as Nuclei, ParamSpider, Waybackurls, Katana, Gauplus, Hakrawler, and more behind a unified interface, so you can perform comprehensive URL discovery and vulnerability scanning with ease and precision.
✅ Think of it as a one-command solution to discover, validate, and fuzz your web targets efficiently.
🚀 What is NucleiFuzzer?
NucleiFuzzer is an all-in-one automation script built on top of ProjectDiscovery’s Nuclei. It’s designed to supercharge your security testing workflow by automatically discovering endpoints and scanning them using fuzzing templates, making it an ideal companion for:
- Penetration testers
- Bug bounty hunters
- Web developers securing their applications
It integrates and orchestrates the following tools:
- 🕸️ ParamSpider – parameter extraction
- 🕵️ Waybackurls – historical URL discovery
- 📜 Gauplus – expanded URL collection
- 🔎 Hakrawler – JavaScript parsing and link scraping
- ⚔️ Katana – high-performance crawling
- ⚙️ httpx – for HTTP filtering
- 🧹 uro – URL deduplication
🧠 How It Works
NucleiFuzzer simplifies your recon-to-scan pipeline by automating the following steps:
- Collects URLs from various sources.
- Validates and filters URLs using httpx and uro.
- Scans endpoints using Nuclei with fuzzing templates.
- Outputs structured results to the terminal and files.
🧰 Features Overview
Feature | Description |
---|---|
🔗 Multi-source URL Collection | Collects endpoints from ParamSpider, Waybackurls, Gauplus, Hakrawler, and Katana |
🧼 Smart URL Deduplication | Uses uro to clean noisy results and avoid redundant scans |
🔍 Fast Filtering | Uses httpx to validate only live/active URLs |
🔐 Fuzzing with Nuclei | Scans with powerful fuzzing templates to detect real vulnerabilities |
⚙️ Custom Options | Flexible CLI to scan one or many domains, with options for templates, verbosity, rate limits, and temp file handling |
📁 Clean Output | All results are saved in a structured output folder for easy analysis |
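To make the "Smart URL Deduplication" row concrete, here is an added sketch (not NucleiFuzzer's or uro's own code, and not uro's actual algorithm) of how merged collector output can be collapsed to one URL per endpoint and parameter set before it reaches the scanner. The key layout, the static-extension list, and the sample URLs are assumptions made for this example.

```python
from urllib.parse import parse_qsl, urlsplit

# Extensions treated as static content (an assumption for this sketch).
STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".css", ".js", ".ico", ".woff", ".woff2")


def url_key(url):
    """Return (scheme, host, port, path, param-names), or None if the URL should be skipped."""
    try:
        parts = urlsplit(url.strip())
        host, port = parts.hostname, parts.port  # .port raises on junk such as :99999
    except ValueError:
        return None  # archived URL lists often contain malformed entries
    if parts.scheme not in ("http", "https") or not host:
        return None
    path = parts.path.rstrip("/") or "/"
    if path.lower().endswith(STATIC_EXT):
        return None
    names = frozenset(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    if not names:  # parameter fuzzing needs at least one parameter
        return None
    return (parts.scheme, host, port, path, names)


def dedupe(urls):
    """Keep the first URL seen for each key, preserving input order."""
    seen, kept = set(), []
    for url in urls:
        key = url_key(url)
        if key is not None and key not in seen:
            seen.add(key)
            kept.append(url.strip())
    return kept


# Constructed sample: merged output of several collectors for one target.
SAMPLE = [
    "https://example.com/item?id=1",
    "https://example.com/item?id=2",            # same endpoint, different value
    "https://EXAMPLE.com/item/?id=3#top",       # same endpoint after normalising
    "https://example.com/item?id=1&sort=asc",   # new parameter set, kept
    "https://example.com/item?sort=desc&id=9",  # same set, different order
    "https://example.com/static/app.js?v=42",   # static asset
    "https://example.com/about",                # no parameters
    "http://example.com:8080/item?id=1",        # different scheme and port, kept
    "mailto:admin@example.com",                 # not an HTTP URL
]

if __name__ == "__main__":
    print("\n".join(dedupe(SAMPLE)))
```

Nine collected URLs reduce to three scan targets here, which is why deduplication before the live-host check and the Nuclei run cuts both scan time and request volume against the target.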
💻 Usage Examples
📌 Help Menu:
nf -h
🔎 Scan a Single Domain:
nf -d example.com
📄 Scan Multiple Domains from a File:
nf -f targets.txt
📂 Custom Output Folder:
nf -d site.com -o results/
📦 Installation
You can install NucleiFuzzer with a one-liner:
git clone https://github.com/0xKayala/NucleiFuzzer.git && cd NucleiFuzzer && sudo chmod +x install.sh && ./install.sh
Once installed, run it using:
nf -h
⚒️ Tools Required
Tool | Repo / Command |
---|---|
Nuclei | https://github.com/projectdiscovery/nuclei |
ParamSpider | https://github.com/0xKayala/ParamSpider |
Waybackurls | https://github.com/tomnomnom/waybackurls |
Gauplus | https://github.com/bp0lr/gauplus |
Hakrawler | https://github.com/hakluke/hakrawler |
Katana | https://github.com/projectdiscovery/katana |
httpx | https://github.com/projectdiscovery/httpx |
uro | https://github.com/s0md3v/uro |
📺 Practical Demonstration
Watch NucleiFuzzer in action here:
▶️ YouTube Video Demo
🧠 Why Use NucleiFuzzer?
Because manual URL discovery and vulnerability scanning are tedious, error-prone, and time-consuming.
This tool takes care of:
- ✅ Aggregating the best recon sources
- ✅ Filtering garbage data and dead links
- ✅ Scanning with production-ready templates
- ✅ Giving results you can act on instantly
"Security is a process — and NucleiFuzzer makes that process fast, efficient, and reliable."
🤝 Contribute
Contributions are welcome! 🚀
- Fork the repo
- Create a feature branch
- Submit a pull request
GitHub: https://github.com/0xKayala/NucleiFuzzer
📌 Final Thoughts
NucleiFuzzer is a serious productivity booster for anyone serious about web security. Whether you're scanning your own apps or doing bounty hunting, this tool gives you the upper hand with automation and precision.
Give it a try, and let me know your feedback. Contributions, feature suggestions, or collaborations are always welcome!
🚀 Try NucleiFuzzer – Your Web VAPT Automation Tool
Supercharge your bug bounty or penetration testing workflow! NucleiFuzzer automates XSS, LFI, RCE, and more using the power of Nuclei and Fuzzing Templates.