reddit hackernews mail facebook facebook linkedin


Black box fuzzer for web applications.

Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target.

- Heavy use of gorutines and internal hardware for great preformance
- Built-in engine that handles each task for "x" response results inductively
- Highly cusomized to handle more complex fuzzing
- Filter options and request verifications to avoid junk results
- Friendly error and debug output
- Build in payloads (default list are mixed with the wordlist from seclists)
- Payload tampering and encoding functionality