Wfuzz is a tool designed for bruteforcing Web Applications,
it can be
used for finding resources not linked (directories,
servlets, scripts,
etc), bruteforce GET and POST parameters for check different
kind of
injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters
(User/Password), Fuzzing, etc.
It's very flexible, here are some functionalities:
* -Recursion (When doing directory bruteforce)
* -Post data bruteforcing
* -Output to HTML (easy for just clicking the links
and checking
the page, even with postdata!!)
* -Colored output on all systems ;)
* -Hide results by return code, word numbers, line
numbers, etc.
* -Url encoding
* -Cookies
* -Multithreading
* -Proxy support
* -All parameters bruteforcing (POST and GET)
* -Dictionaries tailored for known applications
(Weblogic,
Iplanet, Tomcat, Domino, Oracle 9i,
Vignette, Coldfusion and many more. (All
dictionaries are from
Darkraver's Dirb, www.open-labs.org)
Please go to Wfuzz page: http://www.edg
e-security.com/wfuzz.php
Christian Martorella
__________________________________________________
Preguntá. Respondé. Descubrí.
Todo lo que querías saber, y lo que ni imaginabas,
está en Yahoo! Respuestas (Beta).
¡Probalo ya!
http://www.yahoo.c
om.ar/respuestas
------------------------------------------------------------
-------------
Sponsored by: Watchfire
As web applications become increasingly complex, tremendous
amounts of
sensitive data - personal, medical and financial - are
exchanged, and
stored. Consumers expect and demand security for this
information. This
whitepaper examines a few vulnerability detection methods -
specifically
comparing and contrasting manual penetration testing with
automated
scanning tools. Download "Automated Scanning or Manual
Penetration
Testing?" today!
https://www.watchfire.com/securearea/whi
tepapers.aspx?id=701500000008rSe
------------------------------------------------------------
--------------
|