🔥

UniFuzz

Looks the same. Isn't the same.

Mutations

Homoglyphs Case Anomalies XSS & Path Symbols Zero-Width Insert

Presets

Output Format

Settings

Depth Limit

Base Payload

Results 0

Made with ❤️ from India

# UniFuzz: The Definitive Unicode Normalization Vulnerability Toolkit UniFuzz is a completely offline, client-side application specifically engineered to help professional bug bounty hunters and penetration testers stress-test Web Application Firewalls (WAFs) and backend Unicode implementations. ## Primary Vectors Tested: - **NFKD / NFKC Normalization Collisions**: Forcing mathematical, fullwidth, and subscript characters (like ᵃ, ⒜, ａ) to normalize back down into highly sensitive payloads (e.g., admin, script). - **Regex Bypass Architecture**: Dynamic insertion of Zero-Width Spaces (ZWSP), LRM, and BOM elements strictly designed to break signature-based WAF systems without altering payload execution downstream. - **Path Traversal / Command Injection Support**: Direct algorithmic mutation of punctuation marks like `, ., /, \, <, >` into alternate Unicode block representations to avoid basic character-dropping sanitizers. - **Headless Pipeline Exports**: Structured immediate outputs to `URL Encoded`, `Double URL Encoded`, `Unicode Escape (\uXXXX)`, and `JSON Array` for automated integration with tools like **Burp Suite**, **ffuf**, and **Nuclei**.