ARTICLE

Wfuzz the web bruteforcer v1.4 released

Saturday 26 January 2008

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

It’s very flexible, here are some functionalities:

- Recursion (When doing directory bruteforce)
- Post, headers and authentication data bruteforcing
- Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
- Colored output on all systems ;)
- Hide results by return code, word numbers, line numbers, etc.
- Encodings:

  • Random_upper
  • Urlencode
  • SHA1
  • Bin_ascii
  • Base64
  • Double_nibble_hex
  • Uri_hex
  • MD5
  • Double_urlencode
  • UTF8
  • UTF8 binary
  • HTML
  • HTML decimal
  • many more...

- Cookies fuzzing
- Multithreading
- Proxy support
- Multiple FUZZ capability with multiple dictionaries
- Authentication support (Ntlm, Digest,Basic)
- All parameters bruteforcing (POST and GET)
- Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more. (Many dictionaries are from Darkraver’s Dirb, www.open-labs.org)


POSTSCRIPTUM

Download


RELATED ARTICLES

Application Scanner, Bruteforcers, Fuzzers, Wfuzz,

26 January 2008 : Wfuzz the web bruteforcer v1.4 released