Wfuzz is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc.), brute force GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP, etc), brute force Forms parameters (User/Password), Fuzzing etc.
Following are the some functionalities:
- Recursion (When doing directory brute force)
- Post, headers and authentication data brute forcing
- Output to HTML (easy for just clicking the links and checking the page, even with post data)
- Colored output on all systems.
- Hide results by return code, word numbers, line numbers, etc.
- Cookies fuzzing
- Multithreading
- Proxy support
- Multiple FUZZ capability with multiple dictionaries
- Authentication support (Ntlm, Digest, Basic)
- All parameters bruteforcing (POST and GET)
- Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more.
Download source :
Home Page : http://www.edge-security.com/wfuzz.php
Download : Official resource
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.