Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

Your website & network are Hackable


A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources that are not publically linked such as directories & files, it can bruteforce HEADERS, GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), it can also bruteforce forms parameters (User/Password) and carry out general Fuzzing,etc.

Functions

  • Recursion (When doing directory bruteforce)
  • Post, headers and authentication data bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
  • Colored output on all systems
  • Hide results by return code, word numbers, line numbers, etc.
  • Many Encodings (random_upper, urlencode, sHA1, bin_ascii, base64, double_nibble_hex, uri_hex, md5, double_urlencode etc)
  • Cookies fuzzing
  • Multi-threading
  • Proxy support
  • Multiple FUZZ capability with multiple dictionaries
  • Authentication support (NTLM, Digest, Basic)
  • All parameter bruteforcing (POST and GET)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more)

The tool is based on dictionaries and ranges, you choose where you want to bruteforce just by replacing the part of the URL or the POST by the keyword FUZZ.

You can download wfuzz v1.4 here:

Wfuzz 1.4 – Source (20/01/2008)
Wfuzz 1.4b – Windows binary (17/02/2008)

Or read more here.


Posted in: Hacking Tools, Web Hacking

, , , , , , , , ,

Recent in Hacking Tools:
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool
- Shadow Brokers NSA Hack Leaks 0-day Vulnerabilities
- UFONet – Open Redirect DDoS Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,987,527 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,458,041 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 684,340 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


3 Responses to Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

  1. zupakomputer April 9, 2008 at 6:12 pm #

    Someone should just release a Masked Ball edition of all known fuzzwear and call it after Fuzzy Duck.

  2. zupakomputer April 9, 2008 at 6:39 pm #

    And scrty dtr, what about that?

    sorry

  3. fever April 9, 2008 at 8:12 pm #

    sounds like an app to take a look into. could have possibilities. hope to see more.