[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[WEB SECURITY] Wfuzz v1.4 - The web bruteforcer
- From: Christian Martorella <cmartorella@xxxxxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] Wfuzz v1.4 - The web bruteforcer
- Date: Thu, 24 Jan 2008 23:56:21 +0100
--Apple-Mail-2--430117702
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
A new version of Wfuzz is available, many improvements and fixes since
first release.
http://www.edge-security.com/wfuzz.php
Wfuzz is a tool designed for bruteforcing Web Applications, it can be
used for finding resources not linked (directories, files), bruteforce
HEADERS, GET and POST parameters for checking different kind of
injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/
Password), Fuzzing,etc.
It's very flexible, here are some functionalities:
*-Recursion (When doing directory bruteforce)
*-Post, headers and authentication data bruteforcing
*-Output to HTML (easy for just clicking the links and checking
the page, even with postdata!!)
*-Colored output on all systems ;)
*-Hide results by return code, word numbers, line numbers, etc.
*-Encodings: (Random_upper, Urlencode, SHA1, MD5,
Bin_ascii,Base64, UTF8, many more..)
*- Cookies bruteforcing
*- Multithreading
*- Proxy support
*- Multiple bruteforce points capability with different dictionaries
*- Authentication support (Ntlm, Digest,Basic)
*- Authentication bruteforcing.
*- All parameters bruteforcing (POST,GET)
*- Worldlist tailored for known applications
(Weblogic,Iplanet,Tomcat, Domino, Oracle) and common applications file
names.
*- Speed :)
Regards,
Christian Martorella
www.edge-security.com
laramies.blogspot.com
--Apple-Mail-2--430117702
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; ">A new version of Wfuzz is =
available, many improvements and fixes since first release.<br><br><a =
href=3D"http://www.edge-security.com/wfuzz.php";>http://www.edge-security.c=
om/wfuzz.php</a><br><br>Wfuzz is a tool designed for bruteforcing Web =
Applications, it can be used for finding resources not linked =
(directories, files), bruteforce HEADERS, GET and POST parameters for =
checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce =
Forms parameters (User/Password), Fuzzing,etc.<br><br>It's very =
flexible, here are some =
functionalities:<br><br> *-Recursion (When doing =
directory bruteforce)<br> *-Post, headers and =
authentication data bruteforcing<br> *-Output to HTML =
(easy for just clicking the links and checking the page, even with =
postdata!!)<br> *-Colored output on all systems =
;)<br> *-Hide results by return code, word numbers, =
line numbers, etc.<br> *-Encodings: (Random_upper, =
Urlencode, SHA1, MD5, Bin_ascii,Base64, UTF8, many =
more..)<br> *- Cookies =
bruteforcing<br> *- =
Multithreading<br> *- Proxy =
support<br> *- Multiple bruteforce points capability =
with different dictionaries<br> *- Authentication =
support (Ntlm, Digest,Basic)<br> *- Authentication =
bruteforcing.<br> *- All parameters bruteforcing =
(POST,GET)<br> *- Worldlist tailored for known =
applications (Weblogic,Iplanet,Tomcat, Domino, Oracle) and common =
applications file names.<br> *- Speed =
:)<br><br>Regards,<br><br>Christian Martorella<br><a =
href=3D"http://www.edge-security.com/";>www.edge-security.com</a><br>larami=
es.blogspot.com</body></html>=
--Apple-Mail-2--430117702--
Brought to you by http://www.webappsec.org
Search this site
|