v1.0.0

[provie]

PSFuzz v1.0.0

Fast, single-binary web fuzzer for directory and endpoint discovery, with a familiar CLI (FUZZ, wordlists, filters, proxy, raw requests) and options aimed at real assessments.

---

AI-assisted workflow

• Explore AI (-explore-ai) — Probes the target (fingerprint-style signals, headers, response), then an LLM returns structured recommendations (wordlist hints, extensions, etc.). Sensitive headers are redacted before sending.
• Providers: openai (default), ollama (local), gemini. Use -explore-ai-provider, optional -explore-ai-endpoint and -explore-ai-model.
• API keys: OPENAI_API_KEY; GEMINI_API_KEY or GOOGLE_API_KEY; Ollama often needs no key (default e.g. http://localhost:11434).
• Tuning: -explore-ai-profile (quick / balanced / thorough), -explore-ai-wordlist / -explore-ai-wordlists-dir, -explore-ai-max-tokens, -explore-ai-no-cache to skip the on-disk cache.
• Caching: Results cached per normalized URL (1h TTL, e.g. under ~/.cache/psfuzz/explore-ai) to avoid repeat API calls.

AI response module (per hit)

• -modules ai — LLM security verdict per response (status, URL, truncated body). Custom prompt via -ai-prompt / config; placeholders: {{status}}, {{method}}, {{url}}, {{body}}.
• -ai-provider openai | ollama | gemini with optional -ai-endpoint and -ai-model. Missing key or API failures are reflected in module_data where applicable.

Other response modules

Module	Role
fingerprint	Tech hints from headers/body
cors	CORS evaluation
headers	Security header checks
secrets	Secret patterns in body/headers
auth	Login / 401 / session hints
urlextract	URLs from body + Location
links	HTML links → absolute URLs; use with -enqueue-module-urls links for link-driven discovery

Scanning & transport

• Recursion: -recursion-strategy default|greedy
• Limits: -maxtime, -maxtime-job
• HTTP/2: -http2
• VHost fuzzing: -vhost
• Audit: -audit-log (NDJSON), -audit-max-body

Output formats

TXT, JSON, NDJSON, HTML, CSV, compat JSON — module results in module_data (or equivalent columns) for automation and reporting.

Safety & docs

• Safe defaults for scope and redirects (local testing documented separately).
• CI: build, test, vet on push/PR.
• See README, MODULES.md, CHEATSHEET, TESTING in the repo.

Install

• Prebuilt binaries for common Linux, Windows, and macOS targets (see release assets).
• Or build / go install from source per README.

---

Note: If your v1.0.0 tag only includes the older [1.0.0] changelog scope (e.g. only OpenAI for the AI module), trim the Explore AI / multi-provider / cache / audit / links sections—or ship a newer tag (e.g. v1.1.0) that matches current main and update CHANGELOG.md accordingly.

---

This discussion was created from the release v1.0.0.