kat.x
Posted October 28, 2011

Wfuzz is a tool designed for bruteforcing Web Applications. It can be used for finding resources not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing Forms parameters (User/Password), fuzzing, etc.

It's very flexible; here are some functionalities:

- Multiple Injection points capability with multiple dictionaries
- Recursion (When doing directory bruteforce)
- Post, headers and authentication data brute forcing
- Output to HTML
- Colored output
- Hide results by return code, word numbers, line numbers, regex.
- Cookies fuzzing
- Multi threading
- Proxy support
- SOCK support
- Time delays between requests
- Authentication support (NTLM, Basic)
- All parameters bruteforcing (POST and GET)
- Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more). (Many dictionaries are from Darkraver's Dirb)

Highlights in this version:

- Infinite payloads. You can now define as many FUZnZ words as you need.
- Multiple encoders per payload. You can now define as many encoders as you need for each payload independently.
- Payload combination. You can now combine your payloads in different ways by specifying iterators.
- Increased flexibility. You can now define in an easy way new payloads, iterators, encoders and output handlers and they will be part of wfuzz straight away.
- Baseline support. You can now define a default value for each payload and compare the results against them.