[WEB SECURITY] [Tool] Powerfuzzer - introducing powerful and easy web fuzzing

Marcin Kozlowski marcinguy at gmail.com
Tue Dec 2 06:06:28 EST 2008


Hi all,

I am glad to release Powerfuzzer to the Webappsec community. It is a GUI-based
fuzzer & web application scanner written in Python. It's very easy to use
and is proven to be effective. Any help in further development is more than
welcome.


Project Website
================

http://powerfuzzer.sourceforge.net


Project Description
================

Powerfuzzer is a highly automated web fuzzer based on many other Open Source
fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz,
webscarab, wapiti, Socket Fuzzer) and information gathered from numerous
security resources and websites. It is capable of spidering a website and
identifying inputs.

Currently, it is capable of identifying these problems:
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- CRLF
- HTTP 500 statuses (usually indicative of a possible
misconfiguration/security flaw incl. buffer overflow)

It is designed and coded to be modular and extendable. Adding new checks should
simply entail adding new methods.

Thanks,
Marcin

