New Bruteforce & Fuzzing tool : Wfuzz - The web bruteforcer

Bruteforce Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

It’s very flexible, here are some functionalities:

  • Recursion (When doing directory bruteforce)
  • Post data bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
  • Colored output on all systems ;)
  • Hide results by return code, word numbers, line numbers, etc.
  • Url encoding
  • Cookies
  • Multithreading
  • Proxy support
  • All parameters bruteforcing (POST and GET)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more. (All dictionaries are from Darkraver’s Dirb, www.open-labs.org)

It was created to facilitate the task in Web Applications assessments, it’s a tool by pentesters for pentesters ;)

You can read more about this tool on the author’s website ,
http://www.edge-security.com/wfuzz.php

Share This

If you enjoyed this post, make sure you subscribe to my RSS feed!



Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.

Post Info

This entry was posted on Monday, May 7th, 2007 and is filed under Web Applications, Brute Force, Tools.

You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.



Previous Post: PHP based Web Application IDS / IPS »
Next Post: Free online scan to detect USB stick, iPod and other removable storage devices »

Read More

Related Reading:

Latest Posts:


Leave a Reply

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.

Close
E-mail It