27 April 2010 | 14,614 views

fuzzdb – Comprehensive Set Of Known Attack Sequences

Check Your Web Security with Acunetix

fuzzdb is a comprehensive set of known attack pattern sequences, predictable locations, and error messages for intelligent brute force testing and exploit condition identification of web applications.

Many mechanisms of attack used to exploit different web server platforms and applications are triggered by particular meta-characters that are observed in more than one product security advisory. fuzzdb is a database attack patterns known to have caused exploit conditions in the past, categorized by attack type, platform, and application.

Because of the popularity of a small number of server types, platforms, and package formats, resources such as logfiles and administrative directories are typically located in a small number of predictable locations. A comprehensive database of these, sorted by platform type, makes brute force fuzz testing a scalpel-like approach.

Since system errors contain predictable strings, fuzzdb contains lists of error messages to be pattern matched against server output in order to aid detection software security defects.

Primary sources used for attack pattern research:

  • researching old web exploits for repeatable attack strings
  • scraping scanner patterns from http logs
  • various books, articles, blog posts, mailing list threads
  • patterns gleaned from other open source fuzzers and pentest tools
  • analysis of default app installs
  • system and application documentation
  • error messages


It’s like a non-automated open source scanner without the scanner. You can download fuzzdb v1.06 here:

fuzzdb-1.06.tgz

It’s recommended to sync via SVN though as the contents will be a lot fresher as compared to the files in the tar.

Or read more here.



Recent in Hacking Tools:
- ParanoiDF – PDF Analysis & Password Cracking Tool
- XSSYA – Cross Site Scripting (XSS) Scanner Tool
- clipcaptcha – CAPTCHA Service Impersonation Tool

Related Posts:
- Comprehensive SQL Injection Cheat Sheet
- Trafscrambler – Anti-sniffer/IDS Tool
- Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,861,500 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,049,267 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 621,381 views

Advertise on Darknet

Comments are closed.