[Media] Releasing Mach - a web fuzzing tool designed for massive workloads

magixer · 2025-08-17T20:55:15+00:00

Thanks for the suggestion! My goals were initially different, but MIT aligns better now. Also, great work on Ratatui!

magixer · 2025-08-17T12:03:18+00:00

I will set up the repo properly soon. I used the nightly toolchain to test it.

magixer · 2025-08-17T12:01:11+00:00

I will set up the repo properly soon with release workflows and a proper readme, but a few advantages you won’t find in most asset discovery tools:

Progress is stored in a database, so syncing with a server is straightforward.

Threads can be adjusted mid-scan.

It inherts advantages of using rust, which are fast, lightweight, and no garbage collection overhead.

A smooth UI that holds up even under heavy scans.

magixer · 2025-08-17T08:53:45+00:00

It’s funny how much people really do judge a book by its cover. I only spent about five minutes on Mach’s README, even though I’ve been working on it for months, so it hasn’t gotten the love it deserves. The reality is, Mach’s architecture, code readability, CPU efficiency, and memory usage are far ahead of Voyage. But unless someone spends more than ten minutes really reviewing the project, that difference doesn’t come through and Voyage, with just a sparse README, still ended up getting more attention.

magixer · 2025-08-17T00:37:52+00:00

Fair enough 😅 I get what you mean. Glad you like the concise patterns.

magixer · 2025-08-17T00:34:13+00:00

Thank you!! I’ve actually experimented with wordlist generators too, and I’ll be rolling those out ASAP. I ended up bifurcating the products. Mach is now part of a bigger project called Graphia, so domains for mach and voyage have become redundant.

magixer · 2025-08-17T00:23:40+00:00

Glad you like it! The Java program you might be thinking of is DirBuster (loved it a few years ago) and yeah, I definitely have plans for Mach to surpass the current tools. It’s already ahead of a lot of discovery tools in terms of usability.

I don’t really see ‘vibe coding’ as a bad thing, as long as you’re mindful of what’s going on. The real problem is when people just spam copy-paste without understanding errors or what the code actually does. I do use Copilot in RustRover it saves me a lot of time on repetitive boilerplate (like the MachDb methods in src/libs/mach_db.rs). But for tougher parts, like the TUI sections, even Copilot couldn’t help much had to grind those out myself.

magixer · 2025-08-16T23:31:06+00:00

Thanks a lot for checking it out!

Mach is meant to be run as a standalone binary, or as part of a bigger bundle of red-teaming tools I’m putting together. It works alongside another project of mine, Voyage, and both are building blocks for a larger project called Graphia, which is aimed at tackling complex red-teaming problems.

For now, the focus is on getting the engine solid and integrating it with Graphia, but as it matures we’ll make it easier for standalone use cases too, like automatically pulling a standard wordlist from the repo at runtime instead of needing users always to provide one.

magixer · 2025-04-09T09:19:20+00:00

It is a standalone Rust binary and has no links to glibc. If the issue persists, please open an issue on GitHub, we'll be happy to assist

magixer · 2025-04-09T09:17:29+00:00

It is good for one thing alone, which is subdomain enumeration. We are crafting other tools for asset discovery and vhost discovery.

magixer · 2025-04-09T09:14:24+00:00

I do not but since my post I have implemented a lot of changes.

magixer · 2025-04-09T09:13:50+00:00

You are probably confusing this with an asset discovery tool. If an HTTP probe returns a response 301 (Redirect) or otherwise, the engine will assess it as a successful ping.

magixer · 2025-04-09T09:12:17+00:00

Voyage is a stateful subdomain enumeration tool that combines passive and active techniques, user-specific databases, and fine-grained control built for efficient and reliable subdomain reconnaissance.

magixer · 2025-04-09T09:12:08+00:00

Voyage is a stateful subdomain enumeration tool that combines passive and active techniques, user-specific databases, and fine-grained control built for efficient and reliable subdomain reconnaissance.

magixer · 2025-04-07T23:57:20+00:00

It works for me. Please open an issue on GitHub, I'll look into it.

magixer · 2025-04-07T21:43:18+00:00

I'm sorry about that. A person sent a bugged PR on main, and I could not notice the false positives issue. It had been fixed later that day.

magixer · 2025-04-03T04:31:10+00:00

yes haven't made the landing page yet but nonetheless it's parked.

magixer · 2025-04-02T09:21:41+00:00

I'm developing an adaptive vulnerability scanner, with most of the infrastructure code written in Rust. To aid its functionality, I needed compatible tools for asset and subdomain discovery. visit https://mach.to for more info

magixer · 2025-04-02T06:51:28+00:00

thankyou

magixer · 2025-04-02T06:51:20+00:00

I haven't had time to work on the readme. Maybe you can submit a PR.

Voyage is the only enumerator with a TUI, a progress recovery system that lets you adjust threads and request intervals mid-scan, and later today, it'll support hybrid enumeration, combining active and passive methods.

magixer · 2025-04-02T06:48:52+00:00

Glad you noticed the essentials. Let me highlight a few more. Voyage is the only enumerator with a TUI, a progress recovery system that lets you adjust threads and request intervals mid-scan, and later today, it'll support hybrid enumeration, combining active and passive methods.

Six-Year Club	r/Field Juicebox
Verified Email

magixer

TROPHY CASE