Sunday 25 September 2011

Wfuzz v.2.0 released | Web application bruteforcer






Wfuzz is a tool designed for bruteforcing web applications. It can be used to find unlinked resources (directories, servlets, scripts, etc.), to bruteforce GET and POST parameters when checking for different kinds of injection (SQL, XSS, LDAP, etc.), to bruteforce form parameters (user/password), for fuzzing, etc.


It's very flexible. Here are some of its features:



  1. Multiple Injection points capability with multiple dictionaries
  2. Recursion (When doing directory bruteforce)
  3. Post, headers and authentication data brute forcing
  4. Output to HTML
  5. Colored output
  6. Hide results by return code, number of words, number of lines, or regex
  7. Cookies fuzzing
  8. Multi threading
  9. Proxy support
  10. SOCKS support
  11. Time delays between requests
  12. Authentication support (NTLM, Basic)
  13. All parameters bruteforcing (POST and GET)
  14. Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more). Many dictionaries are from Darkraver's Dirb (www.open-labs.org).



Highlights in this version: 


- Infinite payloads. You can now define as many FUZnZ words as you need.
- Multiple encoders per payload. You can now define as many encoders as you need for each payload independently.
- Payload combination. You can now combine your payloads in different ways by specifying iterators.
- Increased flexibility. You can now easily define new payloads, iterators, encoders and output handlers, and they become part of wfuzz straight away.
- Baseline support. You can now define a default value for each payload and compare the results against it.


Download Here:
http://code.google.com/p/wfuzz/downloads/list
