Tag: fuzzing

Web Penetration Testing

Web application bruteforcer

Wfuzz is a tool designed to bruteforce web applications. It is very flexible and supports: recursion (when doing directory discovery); POST data bruteforcing; header bruteforcing; output to HTML (easy for just clicking the links and checking the page, even with POST data!); colored output; hiding results by return code, word numbers, line numbers, etc.; URL encoding; cookies …

Exploits, Fuzzing

Security oriented open source fuzzer

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful …

Fuzzing, Metasploit

Fuzzing with Metasploit

Fuzzing or fuzz testing is an automated or semi-automated black box software testing technique that automates the process of data generation and injection to discover bugs, crashes, maximum overflow capacities and memory leaks in software applications, protocols, file formats and computer systems by providing invalid, unexpected and random data to the inputs of the system. …

Backtrack, Linux, Penetration Testing, Tools

Web server audit tool – Webshag

Webshag page
1. Open your BackTrack VM.
2. Go to Applications->BackTrack->Information Gathering->Web Application Analysis->Web Crawlers->webshag-cli
3. Execute the following command to uscan a host on port 80: python webshag_cli.py targethostname.com
4. Options:
   --version   show program's version number and exit
   -h, --help  show this help message and exit
   -U          Update the URL scanner databases and …