Updates Wfuzz v-2.1 Beta : The web application Bruteforcer.

Updates Wfuzz v-2.1 Beta : The web application Bruteforcer.

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

Changelog :
– Importing wfuzz 2.1
– quote subprocess call
– push last externals
Some features:
* Multiple Injection points capability with multiple dictionaries
* Recursion (When doing directory bruteforce)
* Post, headers and authentication data brute forcing
* Output to HTML
* Colored output
* Hide results by return code, word numbers, line numbers, regex.
* Cookies fuzzing
* Multi threading
* Proxy support
* SOCK support
* Time delays between requests
* Authentication support (NTLM, Basic)
* All parameters bruteforcing (POST and GET)
* Multiple encoders per payload
* Payload combinations with iterators
* Baseline request (to filter results against)
* Brute force HTTP methods
* Multiple proxy support (each request through a different proxy)
* HEAD scan (faster for resource discovery)
* Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i,
Vignette, Coldfusion and many more.i
(Many dictionaries are from Darkraver’s Dirb, www.open-labs.org)
Payloads:
* File
* List
* hexrand
* range
* names
* hexrange

Encodings:
* random_uppercase
* urlencode
* binary_ascii
* base64
* double_nibble_hex
* uri_hex
* sha1
* md5
* double_urlencode
* utf8
* utf8_binary
* html
* html decimal
* custom
* many more…
Iterators:
* Product
* Zip
* Chain

Download latest version : Wfuzz.2.1Beta(319 KB)
sources : http://www.edge-security.com/wfuzz.php
Our post before : http://seclist.us/wfuzz-web-application-bruteforcer.html