Skip to content
/ hulksmash Public

A very easy-to-use library for building a custom brute-force requester for QA purposes

License

MIT license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ynori7/hulksmash

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
anonymizer
anonymizer
 
 
example
example
 
 
http
http
 
 
sequence
sequence
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
hulksmash.png
hulksmash.png
 
 
options.go
options.go
 
 
smasher.go
smasher.go
 
 

Repository files navigation

Hulk Smash GoDoc Go Report Card

HulkSmash Logo

This is a very easy-to-use library for building a custom brute-force requester for QA purposes. This tool can be useful, for example, for performance and load testing or for testing your rate-limiter. This tool automatically adds randomized headers to anonymize the request such as X-Forwarded-For and User-Agent.

This tool is to be used only for benign purposes!

Usage

To use it, simply import "github.com/ynori7/hulksmash". Then construct a request builder, which is a function to get the request you want to perform. This request builder accepts an index in case you want to send requests to a variety of endpoints, with varying payloads, or with a cachebreaker. Then you simply create your smasher instance and tell it to start smashing.

requestBuilder := func(item string) (*http.Request, error) {
    return http.NewRequest(http.MethodGet, url, nil)
}

hulksmash.NewSmasher(hulksmash.WithIterations(5)).Smash(context.Background(), requestBuilder)

The smasher comes with some configurable options with safe defaults. Here is a list of the options:

Option Description Default
WithClient Allows you to override the HTTP Client hulksmash's http.NewClient()
WithWorkerCount Sets the number of workers which will send requests in parallel 1
WithErrorFunc Function which is called in case of an error while performing the request Simply logs it to stdout
WithSuccessResponseCallback Function which is called in case of a successful request Simply logs the http status code and response body
WithIterations The number of calls to make 1
WithStartIndex The start index to use when iterating. Can be useful if you want to resume a previous experiment 0
WithAnonymizeRequests Can be used to disable the logic to automatically add headers to make reqeusts look more organic true
WithSequenceFunc Can be used to specify the way the iteration sequence should be built, for example numeric or alphanumeric. Some presets are available in the sequence package sequence.Numeric

A basic and advanced example can be found in example.

Attribution

Icon from Sujud.icon (CC BY 3.0)

Uses refraction-networking/utls to randomize the TCP Hello fingerprint.

About

A very easy-to-use library for building a custom brute-force requester for QA purposes

Topics

security qa bruteforce qatools security-tools

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages