Penetration Testing mailing list archives
Wfuzz - The web bruteforcer
From: Christian Martorella <laramies2k () yahoo com ar>
Date: Mon, 07 May 2007 21:01:07 +0200
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for check different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing, etc.
It's very flexible, here are some functionalities: * -Recursion (When doing directory bruteforce) * -Post data bruteforcing * -Output to HTML (easy for just clicking the links and checking the page, even with postdata!!) * -Colored output on all systems ;) * -Hide results by return code, word numbers, line numbers, etc. * -Url encoding * -Cookies * -Multithreading * -Proxy support * -All parameters bruteforcing (POST and GET) * -Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more. (All dictionaries are from Darkraver's Dirb, www.open-labs.org) Please go to Wfuzz page: http://www.edge-security.com/wfuzz.php Christian Martorella__________________________________________________ Preguntá. Respondé. Descubrí. Todo lo que querías saber, y lo que ni imaginabas, está en Yahoo! Respuestas (Beta). ¡Probalo ya! http://www.yahoo.com.ar/respuestas
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Wfuzz - The web bruteforcer Christian Martorella (May 07)