Improving Web Fuzzing Efficiency Using Local Language Model-based Methods

Introducing brainstorm

Brainstorm is a web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery. It pairs traditional web fuzzing techniques (as implemented in ffuf) with AI-powered path generation to discover hidden endpoints, files, and directories in web applications. Brainstorm usually finds more endpoints with fewer requests.

The tool is available here:
https://github.com/Invicti-Security/brainstorm

ffuf

ffuf is one of the most popular tools for performing web fuzzing and is my favorite tool for such tasks. It’s an excellent tool: fast, easy to use, and very configurable.

Ollama

Ollama is a tool for running open LLMs (Large Language Models) locally. You can run models such as Llama 3.2, Phi 3, Mistral, Gemma 2, Qwen 2.5 coder, and other models on your own machine without having to pay anything. It’s available for macOS, Linux, and Windows.

How brainstorm works

Brainstorm generates intelligent guesses for potential paths and filenames, starting from a set of initial links extracted from the target website. The process is:

  • Extracting initial links from the target website
  • Using AI (local LLM models) to analyze the structure and suggest new potential paths
  • Fuzzing these paths using ffuf
  • Learning from discoveries to generate more targeted suggestions
  • Repeating the whole process
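As an added illustration (my own sketch, not the brainstorm project’s code), the loop above reduces to a few functions: build a prompt from the paths already known, query Ollama’s local HTTP API, clean the model’s free-form answer into an ffuf wordlist, and read ffuf’s JSON output back in as new known paths. The Ollama endpoint assumes a default local install, and the sample model answer and ffuf output are constructed.

```python
import json
import re
import urllib.request

OLLAMA_URL = "http://localhost:11434/api/generate"  # default local Ollama API (assumption)
MODEL = "qwen2.5-coder"                              # the model used in this post
# One candidate per line, optionally bulleted/numbered, optionally with a leading slash.
_LINE = re.compile(r"^\s*(?:(?:[-*]|\d+[.)])\s+)?/?([A-Za-z0-9_./-]+)\s*$")

def build_prompt(known):
    """Steps 1-2: show the model what is already known and ask for new guesses."""
    listing = "\n".join(sorted(known))
    return ("These paths exist on a web application:\n" + listing +
            "\nSuggest 20 more likely file or directory names, one per line, "
            "with no explanations.")

def ask_ollama(prompt):
    """Blocking call to a running `ollama serve`; not exercised by the offline demo."""
    body = json.dumps({"model": MODEL, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(OLLAMA_URL, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["response"]

def parse_candidates(answer, known):
    """Step 3 input: turn free-form model output into a clean, deduplicated wordlist."""
    out, seen = [], set(known)
    for line in answer.splitlines():
        m = _LINE.match(line.replace("`", ""))
        if not m:
            continue  # drops chatter such as "Here are some ideas:"
        path = m.group(1).strip("/")
        if path and ".." not in path and path not in seen:
            seen.add(path)
            out.append(path)
    return out

def learn_from_ffuf(ffuf_json):
    """Step 4: pull hits out of `ffuf -of json` output to seed the next round."""
    data = json.loads(ffuf_json)
    return [r["input"]["FUZZ"] for r in data.get("results", [])
            if r.get("status") in (200, 301, 302, 401, 403)]

# Constructed sample data standing in for a real model answer and a real ffuf run.
SAMPLE_ANSWER = ("Here are some ideas:\n1. /admin.php\n2. config/\n- index.php\n"
                 "- `logout.php`\n3. ../etc/passwd\n")
SAMPLE_FFUF = json.dumps({"results": [{"input": {"FUZZ": "admin.php"}, "status": 200},
                                      {"input": {"FUZZ": "config"}, "status": 404}]})
```

Feeding `learn_from_ffuf` results back into `build_prompt` is what makes each round more targeted than the last.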

Example of running brainstorm

Say that we have a website that has two files: index.php and login.php.

Manually, we would run a local Ollama model such as qwen2.5-coder using the following command:

ollama run qwen2.5-coder

(If you don’t have qwen2.5-coder on your machine, you first need to download it with ollama pull qwen2.5-coder.)

We would then paste a very long prompt asking the LLM to brainstorm new potential filenames or directories; you can find the full prompt here.