# Fuzz Web Applications for Vulnerabilities

> Scan for vulnerabilities in web applications actively by crawling the app and fuzzing inputs

* **Category:** Vulnerability Scanning
* **Author:** mhmdiaa-trickest
* **Created:** 2024-08-12
* **Input parameters:**
  * `urls` (file): List of URLs
  * `header` (string): Header(s) to include in HTTP requests
  * `in-scope` (file): List of URLs, paths, or regular expressions to include in scanning
  * `rate-limit` (string): Maximum number of requests to send per second per machine
  * `header-file` (file): Header(s) to include in HTTP requests
  * `url-details` (file): JSONLines records of URL and request details
  * `out-of-scope` (file): List of URLs, paths, or regular expressions to exclude from scanning
* **Outputs:** `findings`, `sitemap`

## Description

Scan for vulnerabilities in web applications actively by crawling the app, fuzzing inputs, and reporting insecure behaviors and potential security flaws.

## Features

* Scans for a wide range of vulnerabilities by **actively injecting payloads and analyzing responses**.
* Crawls the web application before and after payload injection to **discover endpoints and detect stored vulnerabilities**.
* Automatically **switches to headless browser crawling** when necessary.
* Can scan **thousands of web applications** simultaneously.

## Inputs

### Required

* **urls:** List of URLs

```
https://foo.example.com
https://bar.example.com
```

### Optional

* **exclude-urls:** List of URLs, paths, or regular expressions to exclude from scanning

```
https://foo.example.com/profiles?id=.*
/admin
```

* **header:** Header(s) to include in HTTP requests
* **header-file:** File with header(s) to include in HTTP requests
* **rate-limit:** Maximum number of requests to send per second per machine (default: 300)

## Outputs

* **findings:** JSONLines records of finding details.

```json
{"finding": "Cross Site Scripting (Reflected)", "location": "https://foo.example.com/products?category=%0A%0D%0A%0D%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E", "hostname": "foo.example.com", "domain_name": "example.com", "severity": "high", "method": "GET", "field": "category", "attack": "\n\r\n\r<scrIpt>alert(1);</scRipt>", "description": "Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. \nUsing a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.", "matches": ["<scrIpt>alert(1);</scRipt>"]}
{"finding": "Vulnerable JS Library", "location": "https://bar.example.com/resources/js/angular_1-7-7.js", "hostname": "bar.example.com", "domain_name": "example.com", "severity": "medium", "method": "GET", "description": "CVE-2023-26116\nCVE-2022-25869\nCVE-2022-25844\nCVE-2024-21490\nCVE-2020-7676\nCVE-2023-26117\nCVE-2019-10768\nCVE-2023-26118\n", "matches": ["/*\n AngularJS v1.7.7"]}
```
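Added example (not part of the Trickest module or its documentation): a triage pass over the `findings` JSONLines output that skips unparseable lines, collapses records that differ only in the injected payload, extracts CVE IDs from `description`, and orders each host's findings by severity. The deduplication key and every severity label other than `high` and `medium` are assumptions.

```python
import json
import re
from collections import defaultdict

# "high" and "medium" appear on the page; the other severity labels are assumed.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def load_findings(lines):
    """Parse JSONLines findings; return (records, line numbers that failed)."""
    records, bad = [], []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            if not isinstance(rec, dict) or "finding" not in rec:
                raise ValueError("not a finding record")
            records.append(rec)
        except ValueError:  # json.JSONDecodeError is a ValueError subclass
            bad.append(n)
    return records, bad

def triage(records):
    """Group by hostname, drop per-payload duplicates, order by severity."""
    by_host, seen = defaultdict(list), set()
    for r in records:
        url = r.get("location", "").split("?", 1)[0]  # ignore the fuzzed query string
        key = (r["finding"], r.get("method"), url, r.get("field"))
        if key in seen:
            continue
        seen.add(key)
        by_host[r.get("hostname", "unknown")].append({
            "finding": r["finding"], "severity": r.get("severity", "unknown"),
            "url": url, "field": r.get("field"),
            "cves": sorted(set(CVE_RE.findall(r.get("description", "")))),
        })
    for items in by_host.values():
        items.sort(key=lambda i: SEVERITY_RANK.get(i["severity"], 99))
    return dict(by_host)

# Constructed sample records in the shape shown above (fields shortened).
SAMPLE = [
    r'{"finding": "Vulnerable JS Library", "location": "https://foo.example.com/js/angular_1-7-7.js", "hostname": "foo.example.com", "severity": "medium", "method": "GET", "description": "CVE-2023-26116\nCVE-2022-25869\n"}',
    r'{"finding": "Cross Site Scripting (Reflected)", "location": "https://foo.example.com/products?category=A", "hostname": "foo.example.com", "severity": "high", "method": "GET", "field": "category"}',
    r'{"finding": "Cross Site Scripting (Reflected)", "location": "https://foo.example.com/products?category=B", "hostname": "foo.example.com", "severity": "high", "method": "GET", "field": "category"}',
    r'{"finding": "Vulnerable JS Library", "location": "https://bar.example.com/resources/js/angular_1-7-7.js", "hostname": "bar.example.com", "severity": "medium", "method": "GET", "description": "CVE-2020-7676\n"}',
    r'{"finding": "Cross Site Scripting (Reflected)", "location": "https://bar.exam',
]
```

Feed the real output in with `load_findings(open(path))`; a non-empty second return value means the file was truncated or mixed with other output and the affected lines should be checked by hand.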

## Changelog

* v1.0.0
  * Initial release
* v1.1.0
  * Improved the finding `description` field to include more relevant information.
  * Resolved an issue where a scan rule for detecting proxy misconfigurations was generating false positives.
* v1.2.0
  * Added `header-file` input
* v2.0.0
  * Added automatic validation for SQL injection vulnerabilities using single-threaded, high-accuracy checks
  * Added detection of file upload forms as informational findings
  * Improved headless crawling to better support JavaScript-heavy dynamic applications
  * Added `url-details` input to allow passing non-GET endpoints with custom bodies; enables integration with the `Analyze JavaScript Code` module
  * Added `sitemap` output to export the dynamically accessed sitemap in a format compatible with `ZAP Messages`
