Locked FuzzingTool v3.11 - web penetration testing tool

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

FuzzingTool

FuzzingTool is a web penetration testing tool, that handles with fuzzing. After the test is completed, all possible vulnerable entries (and the response data) are saved on a report file.

Changelog v3.11

New features

    Allow to insert multiple wordlists (globally or per target)
        Assign a wordlist to each target with numerous -w, or a global wordlist using only one -w;
        Use multiple wordlists to same target -w 'wordlist1;wordlist2';
    Allow to wordlist plugins automatically detects and build their parameters based on target;
    Now both the exception and the used payload are written in the logfile;
    Added robots.txt plugin to the wordlists;
    Updated CLI output options
        Added an option to disable the terminal colors --no-colors;
        Added an option to simplify the output mode, removing the time label and reducing the other labels -S, --simple-output;

CLI output changes

    Updated the program’s progress status: the format is more clean and shows the current payload that are being used;
    Updated the PathScanner status codes coloring;

Bugfixes

    Fixed the proxy setup on Request;
    Fixed the Logger that wasn’t writting in the logfile;
    Fixed a bug then more than one method is specified to same target, and the application stops to run;
    Fixed an exception when the same target is setted more than one time. Now a target can appear more than one time if all of them do the same type of fuzzing, or by selecting a global scanner plugin;

Exception handling

    At now, none of the RequestExceptions will stop the application, instead of it the program will ask for the user if he wants to continue with that target.
    The objectCreator method from PluginFactory no longer raises a PluginNotFound exception. This exception was transfered to the classCreator in the same factory.

Code refatored

    All the program arguments parsing are now handled by ArgumentParser that extends the argparse.ArgumentParser;
    Separate the Dictionary class from the wordlists;
    Removed unused anonimous functions on CliOutput;
    The blacklist status codes, and actions, was moved to a separated class called BlacklistStatus;
    Removed the Response class. Now the Request object will return a tuple of items: the raw response from the requests library, and the RTT. The SubdomainRequest appends the target’s ip to this tuple;
    Moved the FuzzingTool results from the python dictionary to a separated class Result
        The results are no longer created by the scanners;
        Changed the getResult method from the scanners to inspectResult;
    Separated the Matcher from the scanners;
    Updated base classes to abstract classes;

This is the hidden content, please

• Sign In
• or
• Sign Up