Hey Folks, in this tutorial we are going to talk about another FUZZING tool called “Monsoon“. The tool is designed in bash scripting that allows us to execute a large number of HTTP requests within a few seconds. But the question is, what is special about it that makes it different from others? So in this tool has fastest HTTP enumeration feature which is different from others tools.
Lets take a look 🙂 !!
Installation
First we have to download the go language in our terminal by given command.
1 | apt install golang |
Now we will download this tool from github and after the download is complete we will go to the directory and doing the further process.
1 2 | git clone https://github.com/RedTeamPentesting/monsoon.git cd monsoon |
Go build command is usually used to compile the packages and dependencies that you have defined/used in your project.
1 | go build |
Now we can boot this tool by using the given command and even we can take help of “bash” command in order to start this tool.
1 | ./monsoon --help |
Example
Usage is also not difficult, just you have to understand the scenario, then you will get used to it. Just take any URL for practice purpose’s and boost your HTTP enumerations. Make sure to give FUZZ at the end of the URL.
Usage 🙂 ./monsoon –file < wordlist > < URL/FUZZ >
1 | ./monsoon --file /usr/share/wordlists/dirb/common.txt http://testphp.vulnweb.com/FUZZ |
You can see the results that look similar to others tool but the special thing you will see below is the time period of this enumeration.
Hide Status
In CTF challenges we do not have much time to solve the labs and in that case we try to get results as soon as possible without any effort. In such case we can add such fillers from which will get us accurate and quick results.
1 | ./monsoon --file /usr/share/wordlists/dirb/common.txt --hide-status 403,404 http://testphp.vulnweb.com/FUZZ |
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.