‘Powerfuzzer – Automated Web Fuzzer’

Summary

Credit:

‘The information has been provided by Marcin Kozlowski.
To keep updated with the tool visit the project’s homepage at: http://powerfuzzer.sourceforge.net/


Details

‘Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering website and identifying inputs.

Currently, it is capable of identifying these problems:
 – Cross Site Scripting (XSS)
 – Injections (SQL, LDAP, code, commands, and XPATH)
 – CRLF
 – HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)

Designed and coded to be modular and extend-able. Adding new checks should simply entail adding new methods.’

Categories: Tools