untidy – XML Fuzzer


Seen as though untidy was mentioned again fairly recent, it sparked my memory that I have a fairly old draft regarding untidy the XML Fuzzer.

Fuzzing is definitely becoming an important part of Pen Testing and especially application security – we’ve published about quite a few and I’m sure there are more in development.

Anyway, back to topic.

I’m glad to release the second beta version of untidy; untidy is general purpose XML Fuzzer. It takes a string representation of a XML as input and generates a set of modified, potentially invalid, XMLs based on the input. It’s released under GPL v2 and written in python.

It’s currently in it’s second release (Beta 2).

There are no prerequisites for running untidy, you will have to change it slightly though as it will output a LOT of XML to the screen, you’ll need to find the “print i” and change it to something more appropriate (sending to the server you want to test or outputing to a file with a newline for each iteration).

You can download untidy here:

untidy-beta2.tgz

Or read more here.

Posted in: Hacking Tools, Secure Coding, Web Hacking

, , , , , ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


2 Responses to untidy – XML Fuzzer

  1. dirty November 8, 2007 at 4:10 pm #

    “as it will output a LOT of XML to the screen”
    Wow, you werent kidding! jk LOL
    Neat tool though

  2. Reticent November 12, 2007 at 10:22 pm #

    Just a FYI for those that arent so familar with the term, ‘fuzzing’ – http://en.wikipedia.org/wiki/Fuzz_testing – Seems to be a bit of a buzz word at the moment.