Search the Community

0d1n Web security tool to make fuzzing at HTTP 0d1n is an Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. At another point of view, this anomaly can be a vulnerability, These tests can follow web parameters, files, directories, forms, and others Why is this tool made in C language? C has a high delay time for writing and debugging, but no pain no gain, it has fast performance, in addition, the C language is run at any architecture like Mips, ARM and others… in the future can follow mobile implementations. Other benefits of C is that it has a good and high profile to write optimizations if you want to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, this is a good choice. Why you don’t use POO ? in this project I follow the”KISS” principle: [Hidden Content] It Simple C language has a lot of old school dudes like a kernel hacker. Changelog v2.7 Fix CORS Bug in load HTML (Now uses local HTTPD) Insert HTTPD with lib mongoose to load reports only for localhost Refactor the core of code Sort files by directory Create install resources in make file (tested on debian based distro) Change fork() to vfork() to gain performance Bug fix in console Read the readme.md Fix output results, to create directory for each log in /opt/0d1n/view… Remove wild pointer bugs [hide][Hidden Content]]

CWFF is a tool that creates a special High quality fuzzing/content discovery wordlist for you at the highest speed possible using concurrency and it's heavily inspired by @tomnomnom's Who, What, Where, When, Wordlist #NahamCon2020. [hide][Hidden Content]]

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads. XSS Fuzzer is a generic tool that can be useful for multiple purposes, including: Finding new XSS vectors, for any browser Testing XSS payloads on GET and POST parameters Bypassing XSS Auditors in the browser Bypassing web application firewalls Exploiting HTML whitelist features [HIDE][Hidden Content]]