A new version of Wfuzz is available, many improvements and fixes since
first release.
http://www.edge-security.com/wfuzz.php
Wfuzz is a tool designed for bruteforcing Web Applications, it can be
used for finding resources not linked (directories, files), bruteforce
HEADERS, GET and POST parameters for checking different kind of
injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/
Password), Fuzzing,etc.
It's very flexible, here are some functionalities:
*-Recursion (When doing directory bruteforce)
*-Post, headers and authentication data bruteforcing
*-Output to HTML (easy for just clicking the links and checking
the page, even with postdata!!)
*-Colored output on all systems ;)
*-Hide results by return code, word numbers, line numbers, etc.
*-Encodings: (Random_upper, Urlencode, SHA1, MD5,
Bin_ascii,Base64, UTF8, many more..)
*- Cookies bruteforcing
*- Multithreading
*- Proxy support
*- Multiple bruteforce points capability with different dictionaries
*- Authentication support (Ntlm, Digest,Basic)
*- Authentication bruteforcing.
*- All parameters bruteforcing (POST,GET)
*- Worldlist tailored for known applications
(Weblogic,Iplanet,Tomcat, Domino, Oracle) and common applications file
names.
*- Speed :)
Regards,
Christian Martorella
www.edge-security.com
laramies.blogspot.com
__________________________________________________
Preguntá. Respondé. Descubrí.
Todo lo que querías saber, y lo que ni imaginabas,
está en Yahoo! Respuestas (Beta).
¡Probalo ya!
http://www.yahoo.com.ar/respuestas
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
__________________________________________________
Preguntá. Respondé. Descubrí.
Todo lo que querías saber, y lo que ni imaginabas,
está en Yahoo! Respuestas (Beta).
¡Probalo ya!
http://www.yahoo.com.ar/respuestas
Received on Jan 24 2008
Intro
