w3bfukk0r 0.2 Forced Browsing Tool Released
w3bfukk0r is a forced browsing tool, it basically scans webservers (HTTP/HTTPS) for a directory by using HTTP HEAD command and brute force mechanism based on a word list. Features:
- HTTP/HTTPS(SSL) support
- Banner grabbing
- User-Agent faking
- Proxy support (HTTP/S)
- Reports found and non-existend directories
Example output:
w3bfukk0r http://nion.modprobe.de
Starting w3bfukk0r 0.2
Scanning http://nion.modprobe.de/ with 76 words from words.txt
Found http://nion.modprobe.de/tmp/ (HTTP 200)
Found http://nion.modprobe.de/blog/ (HTTP 200)
Found http://nion.modprobe.de/img/ (HTTP 200)
Found http://nion.modprobe.de/setup/ (HTTP 200)
Found 4 directories.
Server runs: Apache/2.0.54 (Debian GNU/Linux) PHP/5.1.4-0.1~bpo2
Scan finished (5 seconds).
Note: Not all webservers are handling HTTP status codes correctly, so if the webserver doesn’t care about RFCs the report generated by w3bfukk0r may include false positives. Maybe we’ll find a good method to detect those false positives.
You can download w3bfukk0r 0.2 here:
Tweet
Posted in: 
Recent in Hacking Tools:
- Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework
- Patator – Multi Purpose Brute Forcing Tool
- MySQLPasswordAuditor – Free MySQL Audit/Password Recovery & Cracking Tool
Related Posts:
- Google Safe Browsing Extension for Firefox & Netcraft Toolbar – Anti-Phishing
- Site Guesses Your Gender via Browsing History
- projectBypass
Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,630,866 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 899,232 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 505,323 views
So basically this is a command-line POSIX intellitamper :)
Can you add get request support ? To scan directory and files ?.
Example :
snprintf(buf,sizeof(buf),”GET %s%s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s:%u\r\nConnection: %s\r\n\r\n”,