
Monsoon – A Fast HTTP Enumerator for CTFs

Hey Folks, in this tutorial we are going to talk about another fuzzing tool called “Monsoon”. The tool is written in Go and lets us send a large number of HTTP requests within a few seconds. But the question is, what is special about it that makes it different from the others? Its selling point is fast HTTP enumeration, which sets it apart from other tools.

Let's take a look 🙂 !!

Installation

First we have to install the Go language from the terminal with the following command.

apt install golang

Now we will download the tool from GitHub and, once the download is complete, change into its directory for the next steps.

git clone https://github.com/RedTeamPentesting/monsoon.git
cd monsoon

The go build command compiles the packages and dependencies that you have defined/used in your project.

go build

Now we can start the tool with the command below; we can also use the “bash” command to start it.

./monsoon --help

Example

Usage is not difficult either; once you understand the scenario, you will get used to it. Take any URL for practice purposes and speed up your HTTP enumeration. Make sure to put FUZZ at the end of the URL.

Usage 🙂 ./monsoon --file <wordlist> <URL/FUZZ>

./monsoon --file /usr/share/wordlists/dirb/common.txt http://testphp.vulnweb.com/FUZZ

The results look similar to those of other tools, but the special thing to notice is how little time the enumeration takes.

Hide Status

In CTF challenges we do not have much time to solve the labs, so we try to get results as quickly as possible with minimal effort. In that case we can add filters such as the one below, which give us accurate and quick results. Here --hide-status 403,404 drops responses with those status codes from the output.

./monsoon --file /usr/share/wordlists/dirb/common.txt --hide-status 403,404 http://testphp.vulnweb.com/FUZZ
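
From the server's side, a run like the one above shows up as a single client producing a burst of 403/404 responses on many different paths. The following added example (not from the original tutorial or the monsoon project) flags that pattern in an access log; the log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format prefix: client, timestamp, request path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')
NOISE = {403, 404}  # the statuses the --hide-status example filters out client-side

def find_enumeration(lines, window=timedelta(seconds=10), min_paths=8):
    """Return {client: max distinct 403/404 paths seen inside any window}
    for clients that reach min_paths. Both thresholds are assumptions to tune."""
    recent = defaultdict(deque)  # client -> deque of (time, path)
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        client, ts, path, status = m.groups()
        if int(status) not in NOISE:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[client]
        q.append((when, path))
        while when - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_paths:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

def sample_log():
    """Constructed log: one client walking a wordlist, one ordinary visitor."""
    words = ["admin", "backup", "cgi-bin", "config", "css", "db", "images",
             "includes", "js", "login", "old", "test"]
    hits = {"admin": 301, "cgi-bin": 403, "images": 301}  # everything else: 404
    out = []
    for i, w in enumerate(words):
        out.append(f'203.0.113.7 - - [12/Mar/2024:10:00:{i // 4:02d} +0000] '
                   f'"GET /{w} HTTP/1.1" {hits.get(w, 404)} 153 "-" "-"')
    for i, p in enumerate(["/", "/index.php", "/missing.png", "/about.php"]):
        status = 404 if "missing" in p else 200
        out.append(f'198.51.100.20 - - [12/Mar/2024:10:0{i}:00 +0000] '
                   f'"GET {p} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')
    return out

if __name__ == "__main__":
    for client, n in find_enumeration(sample_log()).items():
        print(f"{client}: {n} distinct 403/404 paths within 10s")
```

The visitor with a single broken image link stays below the threshold, while the wordlist run is flagged even though the tool's own output hides those responses.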

About the Author

Shubham Goyal: Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.