Fehu is a high-performance security toolkit for offensive security professionals and AI-powered automation. Multiple scanning capabilities in a single, fast binary.
Fehu (ᚠ) is the first rune of the Elder Futhark alphabet, symbolizing wealth, abundance, and power.
| Module | Description |
|---|---|
| `xss` | XSS scanner with smart adaptive mode - context-aware, reflection analysis |
| `sqli` | SQL Injection scanner (error, boolean, time-based) |
| `dirscan` | Directory fuzzer with built-in 400+ paths, smart 404 detection |
| `portscan` | Port scanner with built-in top-100/top-1000 profiles |
| `subdomain` | Subdomain enumeration with built-in 200+ subdomains |
| `headers` | Security headers analyzer |
| `fetch-proxies` | Download free proxies for evasion |

Key Capabilities:
- Smart XSS Mode: Probes character/tag filters, constructs working payloads adaptively
- Proxy Rotation: Built-in proxy rotation with free proxy fetching
- User-Agent Rotation: Randomized browser fingerprints
- Zero External Dependencies: Built-in wordlists for directories, subdomains, ports, SQLi, XSS
- Smart 404 Detection: Filters soft-404 pages automatically
- AI-Friendly: `--json` flag outputs structured JSON for LLM parsing
- Blazing Fast: Async I/O with configurable concurrency
- Single Binary: All tools in one compiled executable

```bash
git clone https://github.com/svviitzerland/fehu.git
cd fehu
cargo build --release
```

```bash
# Smart mode - adaptive probing (recommended)
fehu xss --url "http://target.com/search?q=test" --smart
# Context-aware mode
fehu xss --url "http://target.com/search?q=test"
# Deep scan + WAF bypass
fehu xss --url "http://target.com/search?q=test" --smart --deep
```

```bash
# Use proxy
fehu dirscan --url "http://target.com" --proxy http://127.0.0.1:8080
# Random User-Agent
fehu sqli --url "http://target.com/page?id=1" --random-agent
# Fetch and use free proxies
fehu dirscan --url "http://target.com" --fetch-proxies
# Add delay between requests
fehu xss --url "http://target.com/search?q=test" --smart --delay 500
# Download proxies for later use
fehu fetch-proxies -o proxies.txt
```

```bash
# Uses built-in wordlist (400+ paths)
fehu dirscan --url "http://target.com"
# With file extensions
fehu dirscan --url "http://target.com" -x php,asp,html
# Custom wordlist (optional)
fehu dirscan --url "http://target.com" -w /path/to/wordlist.txt
```

```bash
# Uses top-1000 ports (default)
fehu portscan --host "target.com"
# Top 100 ports (faster)
fehu portscan --host "target.com" --ports top100
# Full scan
fehu portscan --host "target.com" --ports 1-65535 --threads 2000
```

```bash
fehu subdomain --domain "target.com"
```

```bash
fehu sqli --url "http://target.com/page?id=1"
```

```bash
fehu headers --url "http://target.com"
```

All modules support `--json` for structured output:

```json
{
  "tool": "xss",
  "target": "http://example.com/search?q=test",
  "findings": [
    {
      "type": "smart_xss",
      "target": "http://example.com/search?q=test",
      "details": { "parameter": "q", "payload": "<img src=x onerror=alert(1)>", "method": "smart_adaptive" },
      "confidence": "high"
    }
  ],
  "status": "completed"
}
```

See the `examples/` directory for detailed usage guides:
- XSS Scanning
- SQL Injection
- Directory Scanning
- Port Scanning
- Subdomain Enumeration
- Security Headers
- AI Integration
- Evasion Features
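
Added example (not part of the Fehu project): a small consumer for the `--json` report shown above. It validates the report shape and HTML-escapes every finding field before the data reaches a dashboard, ticket or LLM prompt, because a reported payload is itself live markup. The function names and the `medium`/`low` confidence ranks are assumptions; only `high` and `completed` appear on this page.

```python
import html
import json

# Constructed sample mirroring the report shape shown on this page.
SAMPLE = '''{
  "tool": "xss",
  "target": "http://example.com/search?q=test",
  "findings": [
    {"type": "smart_xss",
     "target": "http://example.com/search?q=test",
     "details": {"parameter": "q", "payload": "<img src=x onerror=alert(1)>", "method": "smart_adaptive"},
     "confidence": "high"}
  ],
  "status": "completed"
}'''

# Assumption: "medium" and "low" exist; unknown values sort last.
RANK = {"high": 0, "medium": 1, "low": 2}


def load_report(text):
    """Parse one report; raise ValueError on bad JSON or an unexpected shape."""
    report = json.loads(text)  # JSONDecodeError is a ValueError subclass
    if not isinstance(report, dict):
        raise ValueError("report must be a JSON object")
    for key, kind in (("tool", str), ("target", str), ("status", str), ("findings", list)):
        if not isinstance(report.get(key), kind):
            raise ValueError(f"missing or mistyped field: {key}")
    if report["status"] != "completed":
        raise ValueError(f"scan not completed: {report['status']!r}")
    return report


def triage_rows(report):
    """Return escaped (confidence, type, parameter, payload) rows, highest confidence first."""
    rows = []
    for f in report["findings"]:
        if not isinstance(f, dict):
            continue  # skip malformed entries instead of crashing the pipeline
        details = f.get("details") if isinstance(f.get("details"), dict) else {}
        fields = (f.get("confidence", "unknown"), f.get("type", "unknown"),
                  details.get("parameter", ""), details.get("payload", ""))
        rows.append(tuple(html.escape(str(v)) for v in fields))
    return sorted(rows, key=lambda r: RANK.get(r[0], len(RANK)))
```
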
MIT License