A smarter web fuzzing tool that combines local LLM models (via Ollama) and ffuf to optimize directory and file discovery.
I wrote a blog post about the ideas behind this tool: Brainstorm tool release: Optimizing web fuzzing with local LLMs
Short Description
Combines traditional web fuzzing techniques with AI-powered path generation to discover hidden endpoints, files, and directories in web applications.Long Description
This tool enhances traditional web fuzzing by using local AI language models (via Ollama) to generate intelligent guesses for potential paths and filenames. It works by:- Extracting initial links from the target website
- Using AI to analyze the structure and suggest new potential paths
- Fuzzing these paths using ffuf
- Learning from discoveries to generate more targeted suggestions
- Repeat
fuzzer.py: Main fuzzer focusing on general path discoveryfuzzer_shortname.py: Specialized variant for short filename discovery (e.g., legacy 8.3 format)
Installation
Code:
# Clone the repository
git clone https://github.com/Invicti-Security/brainstorm.git
cd brainstorm
# Install Python dependencies
pip install -r requirements.txt
# Ensure ffuf is installed and in your PATH
# Ensure Ollama is running locally on port 11434