0d1n is a Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. At other point view this anomalies can be a vulnerability, These tests can follow web parameters, files, directories, forms and others.
Rules you need know about parameters:
Each parameter is a resource function to help you
When you view caracter ’ ˆ ’(circumflex) this is lexical caracter this represent the payload to replace each line in text file
The parameter ”–log” you need use always
The parameter ”–host” you need use always
Tamper is a function to use camouflage in your payload, this way you can try bypass web application firewall
Each options use different technique to try hide payload
You need to remember to using proxy list per Request to try walk in stealth to work without blacklists.
You can follow this command to make custom fuzzing:
./0d1n –host http://localhost/ –custom my request.txt –payloads payloads/xss.txt –find regex list payloads/guess.txt –log 133oooo5 –save response –timeout 5
Following this to get, decompress, compile and execute:
unzip master.zip; cd 0d1n-master; make; ./0d1n