Fugitif
13.08.2008, 21:54
Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering website and identifying inputs.
http://powerfuzzer.sourceforge.net/images/3.jpg
Currently, it is capable of identifying these problems:
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- CRLF
- HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)
Designed and coded to be modular and extendable. Adding new checks should simply entail adding new methods.
More Info and Download:
http://powerfuzzer.sourceforge.net/
BTW; already tested and works good :)
http://powerfuzzer.sourceforge.net/images/3.jpg
Currently, it is capable of identifying these problems:
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- CRLF
- HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)
Designed and coded to be modular and extendable. Adding new checks should simply entail adding new methods.
More Info and Download:
http://powerfuzzer.sourceforge.net/
BTW; already tested and works good :)