09 April 2008

Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications


A new version of Wfuzz is available, with many improvements and fixes since the first release, which was in the middle of 2007. Fuzzing is definitely in; an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.

Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding resources that are not publicly linked, such as directories and files; it can bruteforce HEADERS, GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.); and it can also bruteforce form parameters (user/password) and carry out general fuzzing.

Functions

  • Recursion (When doing directory bruteforce)
  • Post, headers and authentication data bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
  • Colored output on all systems
  • Hide results by return code, word numbers, line numbers, etc.
  • Many encodings (random_upper, urlencode, sha1, bin_ascii, base64, double_nibble_hex, uri_hex, md5, double_urlencode, etc.)
  • Cookies fuzzing
  • Multi-threading
  • Proxy support
  • Multiple FUZZ capability with multiple dictionaries
  • Authentication support (NTLM, Digest, Basic)
  • All parameter bruteforcing (POST and GET)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more)

The tool is based on dictionaries and ranges: you choose where you want to bruteforce just by replacing that part of the URL or the POST data with the keyword FUZZ.
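Seen from the server side, this substitution leaves a recognisable shape in access logs: one client sends many requests that are identical except for a single slot. The Python sketch below is an added example, not part of Wfuzz or the original post; it masks each path segment and query value in turn and reports request shapes where one client varied a single slot many times. The log format, sample lines, function names and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not real traffic). 203.0.113.7 walks a
# wordlist through one path slot and one parameter; 198.51.100.20 browses normally.
WORDS = ["admin", "backup", "test", "old", "tmp", "cgi-bin"]
ROW = '{ip} - - [09/Apr/2008:18:00:00 +0000] "GET {url} HTTP/1.1" {status} 210'
SAMPLE_LOG = "\n".join(
    [ROW.format(ip="203.0.113.7", url=f"/{w}/", status=404) for w in WORDS]
    + [ROW.format(ip="203.0.113.7", url=f"/item.php?id={w}&lang=en", status=200) for w in WORDS]
    + [ROW.format(ip="198.51.100.20", url=u, status=200)
       for u in ["/index.html", "/about.html", "/css/site.css", "/item.php?id=7&lang=en"]]
)

# Assumed format: common/combined log format; captures client address and request URL.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}\b')

def slot_templates(url):
    """Yield (template, value): the URL with exactly one path segment or one
    query value replaced by the FUZZ keyword, plus the value that stood there."""
    parts = urlsplit(url)
    segs = parts.path.split("/")
    query = parse_qsl(parts.query, keep_blank_values=True)
    qs = "&".join(f"{k}={v}" for k, v in query)
    for i, seg in enumerate(segs):
        if seg:
            path = "/".join(segs[:i] + ["FUZZ"] + segs[i + 1:])
            yield (path + "?" + qs if qs else path), seg
    for i, (_, value) in enumerate(query):
        masked = "&".join(f"{k}={'FUZZ' if j == i else v}" for j, (k, v) in enumerate(query))
        yield parts.path + "?" + masked, value

def find_fuzzed_slots(log_text, min_values=5):
    """Return {(client, template): distinct_value_count} for every request shape
    where one client varied a single slot at least min_values times."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, url = m.groups()
        for template, value in slot_templates(url):
            seen[(client, template)].add(value)
    return {key: len(vals) for key, vals in seen.items() if len(vals) >= min_values}

if __name__ == "__main__":
    for (client, template), n in sorted(find_fuzzed_slots(SAMPLE_LOG).items()):
        print(f"{client} varied {n} values in {template}")
```

Legitimate pagination or catalogue browsing also varies one slot, so in practice the threshold needs tuning and the hits are worth correlating with response codes and request rate.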

You can download wfuzz v1.4 here:

Wfuzz 1.4 – Source (20/01/2008)
Wfuzz 1.4b – Windows binary (17/02/2008)

Or read more here.


3 Responses to “Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications”

  1. zupakomputer 9 April 2008 at 6:12 pm

    Someone should just release a Masked Ball edition of all known fuzzwear and call it after Fuzzy Duck.

  2. zupakomputer 9 April 2008 at 6:39 pm

    And scrty dtr, what about that?

    sorry

  3. fever 9 April 2008 at 8:12 pm

    sounds like an app to take a look into. could have possibilities. hope to see more.