Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Tuesday, January 5, 2016

Wfuzz - The Web Application Bruteforcer




Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

Some features
  • Multiple Injection points capability with multiple dictionaries
  • Recursion (When doing directory bruteforce)
  • Post, headers and authentication data brute forcing
  • Output to HTML
  • Colored output
  • Hide results by return code, word numbers, line numbers, regex.
  • Cookies fuzzing
  • Multi threading
  • Proxy support
  • SOCK support
  • Time delays between requests
  • Authentication support (NTLM, Basic)
  • All parameters bruteforcing (POST and GET)
  • Multiple encoders per payload
  • Payload combinations with iterators
  • Baseline request (to filter results against)
  • Brute force HTTP methods
  • Multiple proxy support (each request through a different proxy)
  • HEAD scan (faster for resource discovery)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more.i (Many dictionaries are from Darkraver's Dirb, www.open-labs.org)

Payloads
  • File
  • List
  • hexrand
  • range
  • names
  • hexrange

Encodings
  • random_uppercase
  • urlencode
  • binary_ascii
  • base64
  • double_nibble_hex
  • uri_hex
  • sha1
  • md5
  • double_urlencode
  • utf8
  • utf8_binary
  • html
  • html decimal
  • custom
  • many more...

Iterators
  • Product
  • Zip
  • Chain

Share:

0 comentários:

Post a Comment

Note: Only a member of this blog may post a comment.

Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition