Wfuzz(支持各种web漏洞扫描的工具)

上一篇 / 下一篇  2008-08-30 00:14:36

查看( 58 ) / 评论( 0 ) / 评分( 0 / 0 )
IXPUB技术博客n0}g n*ux9r

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.
*|]b4d9lu;A0
0h FR4pZ9D s4G`0It's very flexible, here are some functionalities:
pW&ULz#m4O0

  • -Recursion (When doing directory bruteforce)
  • -Post, headers and authentication data bruteforcing
  • -Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
  • -Colored output on all systems ;)
  • -Hide results by return code, word numbers, line numbers, etc.
  • -Encodings:
    • - random_upper
    • - urlencode
    • - sHA1
    • - bin_ascii
    • - base64
    • - double_nibble_hex
    • - uri_hex
    • - md5
    • - double_urlencode
    • - utf8
    • - utf8_binary
    • - html
    • - html decimal
    • - many more...
  • -Cookies fuzzing
  • -Multithreading
  • -Proxy support
  • -Multiple FUZZ capability with multiple dictionaries
  • -Authentication support (Ntlm, Digest,Basic)
  • -All parameters bruteforcing (POST and GET)
  • -Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more. (Many dictionaries are from Darkraver's Dirb, www.open-labs.org)

4~MYxF0It was created to facilitate the task in Web Applications assessments, it's a tool by pentesters for pentesters ;)IXPUB技术博客:Gye\:x%Cs%X
One of the strengths of wfuzz is the speed, just try it...
r"m7qC|(Vt0
How does it works?
IXPUB技术博客 uQ7H4]-y RV+lN

The tool is based on dictionaries and ranges, you choose where you want to bruteforce just by replacing the part of the URL or the POST by the keyword FUZZ.
+t2c|Qp&B0
wE0IA7A-{X b'g,o0Check the video to see it running: Video

*p2n:G%o ^v LJ7T0
Examples
IXPUB技术博客}3^}~9D

  • - wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 --html http://www.mysite.com/FUZZ 2> results.html
  • This will bruteforce the site http://www.mysyte.com/FUZZ in search of resources (directories, scripts, files,etc), it will hide from the output the return code 404 (for easy reading the results), it will use the dictionary commons.txt for the bruteforce, and also will output the results to the results.html
    9qw qr7XN+GjtI!b0file (with a cool format to work).
    ~ENAh0
    :[PFh4Q0
  • wfuzz.py -c -z range -r 1-100 --hc 404 http://www.mysite.com/list.asp?id=FUZZ
  • In this example instead of using a file as dictionary, it will use a range from 1-100, and will bruteforce the parameter "id".IXPUB技术博客:q'Qy!x uRD!d0v{7i

    "Zjk/zHUsA|0
  • wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 --html -d "id=1&catalogue=FUZZ"
    http://www.mysite.com/check.asp 2 > results.html

    [.~@CD&vI0
  • Here you can see the use of POST data, with the option "-d".IXPUB技术博客R%w;\cM Bh E

    O(p;S3lLv0
  • wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 -R 1 http://www.mysite.com/FUZZ
  • Example of path discovery, using a recursive level of 1 paths.
  • wfuzz.py -c -z file -f wordlists/Injection/SQL.txt -V allvars http://www.mysite.com/res.asp?id=1&name=cars&cat=2
  • Example of Sql injection on every parameter of the request, you can fuzz every parameter with the option "-V allvars".

example-fuzz

example-fuzz

导入论坛 引用链接 收藏 分享给好友 推荐到圈子 管理 举报

TAG: web Web WEB 工具 漏洞 扫描 Wfuzz

 

评分:0

我来说两句

显示全部

:loveliness: :handshake :victory: :funk: :time: :kiss: :call: :hug: :lol :'( :Q :L ;P :$ :P :o :@ :D :( :)

日历

« 2009-01-05  
    123
45678910
11121314151617
18192021222324
25262728293031

数据统计

  • 访问量: 64893
  • 日志数: 1202
  • 文件数: 1
  • 建立时间: 2007-08-10
  • 更新时间: 2009-01-05

RSS订阅

Open Toolbar