Home page logo

pen-test logo Penetration Testing mailing list archives

Wfuzz v1.4 - The web bruteforcer
From: Christian Martorella <cmartorella () edge-security com>
Date: Thu, 24 Jan 2008 23:20:19 +0100

A new version of Wfuzz is available, many improvements and fixes since first release.


Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce HEADERS, GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

It's very flexible, here are some functionalities:

    *-Recursion (When doing directory bruteforce)
    *-Post, headers and authentication data bruteforcing
*-Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
    *-Colored output on all systems ;)
    *-Hide results by return code, word numbers, line numbers, etc.
*-Encodings: (Random_upper, Urlencode, SHA1, MD5, Bin_ascii,Base64, UTF8, many more..)
    *- Cookies brute forcing
    *- Multithreading
    *- Proxy support
*- Multiple bruteforce points capability with different dictionaries
    *- Authentication support (Ntlm, Digest,Basic)
    *- Authentication bruteforcing.
    *- All parameters bruteforcing (POST,GET)
*- Worldlist tailored for known applications (Weblogic,Iplanet,Tomcat, Domino, Oracle)
    *- Speed :)


Christian Martorella

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
  • Wfuzz v1.4 - The web bruteforcer Christian Martorella (Jan 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]