‘Powerfuzzer – Automated Web Fuzzer’
‘Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering website and identifying inputs.
Currently, it is capable of identifying these problems:
– Cross Site Scripting (XSS)
– Injections (SQL, LDAP, code, commands, and XPATH)
– HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)
Designed and coded to be modular and extend-able. Adding new checks should simply entail adding new methods.’