08 November 2007 | 3,983 views

untidy – XML Fuzzer

Check Your Web Security with Acunetix

Seen as though untidy was mentioned again fairly recent, it sparked my memory that I have a fairly old draft regarding untidy the XML Fuzzer.

Fuzzing is definitely becoming an important part of Pen Testing and especially application security – we’ve published about quite a few and I’m sure there are more in development.

Anyway, back to topic.

I’m glad to release the second beta version of untidy; untidy is general purpose XML Fuzzer. It takes a string representation of a XML as input and generates a set of modified, potentially invalid, XMLs based on the input. It’s released under GPL v2 and written in python.

It’s currently in it’s second release (Beta 2).

There are no prerequisites for running untidy, you will have to change it slightly though as it will output a LOT of XML to the screen, you’ll need to find the “print i” and change it to something more appropriate (sending to the server you want to test or outputing to a file with a newline for each iteration).

You can download untidy here:

untidy-beta2.tgz

Or read more here.



Recent in Hacking Tools:
- InsomniaShell – ASP.NET Reverse Shell Or Bind Shell
- WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More
- Kali Linux – The Most Advanced Penetration Testing Linux Distribution

Related Posts:
- Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool
- IOCTL Fuzzer v1.2 – Fuzzing Tool For Windows Kernel Drivers
- fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,878,915 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,076,434 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 629,345 views

Advertise on Darknet

2 Responses to “untidy – XML Fuzzer”

  1. dirty 8 November 2007 at 4:10 pm Permalink

    “as it will output a LOT of XML to the screen”
    Wow, you werent kidding! jk LOL
    Neat tool though

  2. Reticent 12 November 2007 at 10:22 pm Permalink

    Just a FYI for those that arent so familar with the term, ‘fuzzing’ – http://en.wikipedia.org/wiki/Fuzz_testing – Seems to be a bit of a buzz word at the moment.