Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

wfuzz v1.4 - The web bruteforcer

from [Christian Martorella] Network Security [Permanent Link]
Subject: wfuzz v1.4 - The web bruteforcer
Date: Thu, 24 Jan 2008 23:32:10 +0100
A new version of Wfuzz is available, many improvements and fixes since first release.

http://www.edge-security.com/wfuzz.php

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, files), bruteforce HEADERS, GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/ Password), Fuzzing,etc.

It's very flexible, here are some functionalities:

*-Recursion (When doing directory bruteforce)
*-Post, headers and authentication data bruteforcing
*-Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
*-Colored output on all systems ;)
*-Hide results by return code, word numbers, line numbers, etc.
*-Encodings: (Random_upper, Urlencode, SHA1, MD5, Bin_ascii,Base64, UTF8, many more..)
*- Cookies bruteforcing
*- Multithreading
*- Proxy support
*- Multiple bruteforce points capability with different dictionaries
*- Authentication support (Ntlm, Digest,Basic)
*- Authentication bruteforcing.
*- All parameters bruteforcing (POST,GET)
*- Worldlist tailored for known applications (Weblogic,Iplanet,Tomcat, Domino, Oracle) and common applications file names.
*- Speed :)

Regards,

Christian Martorella
www.edge-security.com
laramies.blogspot.com





__________________________________________________ Pregunta. Respondi. Descubrm. Todo lo que quermas saber, y lo que ni imaginabas, esta en Yahoo! Respuestas (Beta). !Probalo ya! http://www.yahoo.com.ar/respuestas


-------------------------------------------------------------------------
Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • wfuzz v1.4 - The web bruteforcer, Christian Martorella <=
Previous by Date:  sqlninja 0.2.2 released, A. R.
Next by Date:  Apache mod_negotiation Xss and Http Response Splitting, Minded Security Research Labs
Previous by Thread:  sqlninja 0.2.2 released, A. R.
Next by Thread:  Apache mod_negotiation Xss and Http Response Splitting, Minded Security Research Labs
Indexes:  [Date] [Thread] [Top] [All Lists]