
FuzzingTool v3.14 - web penetration testing tool


itsMe


FuzzingTool is a web penetration testing tool that handles fuzzing. After the test is completed, all possible vulnerable entries (and the response data) are saved to a report file.

Changelog v3.14

New features

    Added a replay proxy option --replay-proxy PROXY;
    Added a Matcher option to match responses by regex -Mr REGEX;
    Added Filter:
        Exclude responses by status codes -Fc STATUS;
        Exclude responses by regex -Fr REGEX;
    Added recursion jobs feature:
        Plugin scanners now can enqueue payloads for the next job when needed;
        Added directory recursion feature (--recursion) on path fuzzing;
        The user can set the maximum recursion level from jobs (--max-rlevel RLEVEL);
    Added option to set multiple plugin scanners (by using multiple --scanner arguments);
    Added plugin scanners:
        Backups;
        Wappalyzer;

Removed features

    Removed the use of multiple http methods;
    Removed Find plugin (replaced by match by regex);

Bugfix

    Fixed a bug in the Matcher match logic where, when multiple match options were set, only one was considered;
    Fixed a bug with the DnsZone plugin when an invalid hostname is set;
    Fixed a split string error on function split_str_to_list;

CLI output changes

    When doing subdomain fuzzing, the IP address will no longer be shown in the CLI output. It’ll only be stored in the report file;
    Added a progress bar (credits to Dirsearch for the idea)

Other changes

    Changed the program binary name from FuzzingTool to fuzzingtool;
    Now the Dictionary object will enqueue Payload objects into the payloads queue;
    Each Payload has its own recursion level attribute (Payload.rlevel) to indicate the job recursion level;
    Now the wordlist creation and build are threaded;

Code refactored

    Added HttpHistory object to store the information about the request and response in the result object, including the IP address when doing subdomain fuzzing;
    Moved some functions from http_utils module to UrlParse class;
    Removed inspect_result method from scanners. Now they will append results in the _process method;
    Removed decorator append_args, no longer needed;
    Updated fuzz types and created a class to store the plugin categories on utils/consts;
    Moved both logger and reports to persistence directory;
    Updated the order of the parameters on PluginFactory methods;
    Moved the api to outside of a specific folder;
    Moved the argument build functions to utils/argument_utils;
