Fuzzer Security Testing Tools List


This topic contains 5 replies, has 4 voices, and was last updated by  jadenturner 3 years, 1 month ago.



    Fuzzer Testing Tools

    PeachFuzzer – http://www.peachfuzzer.com/products/ The Peach Fuzzer Platform, paired with our industry-focused Peach Pits, can test virtually any system for unknown vulnerabilities, from common test targets to complex proprietary systems. The fuzzing platform gives users the tools to secure their products by eliminating potential security threats before deployment and release.

    SkipFish – https://code.google.com/archive/p/skipfish/ Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.

    W3af – http://w3af.org/ It is a web application audit and attack framework that is effective against over 200 vulnerabilities. It has a GUI with expert tools which can be used to send HTTP requests and cluster HTTP responses. If a website is protected, it can use authentication modules to scan it. Output can be logged to a console, a file or sent via email.

    WAPITI – http://wapiti.sourceforge.net/ Wapiti is also a nice web vulnerability scanner which lets you audit the security of your web applications. It performs black-box testing by scanning web pages and injecting data. It tries to inject payloads and see if a script is vulnerable. It supports both GET and POST HTTP attacks and detects multiple vulnerabilities. It can detect the following vulnerabilities: File Disclosure – File inclusion – Cross Site Scripting (XSS) – Command execution detection – CRLF Injection – SQL Injection and Xpath Injection – Weak .htaccess configuration – Backup files disclosure

    WFuzz – https://github.com/xmendez/wfuzz Wfuzz is another freely available open source tool for web application penetration testing. It can be used to brute force GET and POST parameters for testing against various kinds of injections like SQL, XSS, LDAP and many others. It also supports cookie fuzzing, multi-threading, SOCK, Proxy, Authentication, parameters brute forcing, multiple proxy and many other things. You can read more about the features of the tool here: http://code.google.com/p/wfuzz/

    WSFuzzer – https://sourceforge.net/projects/wsfuzzer/ WSFuzzer is an LGPL’d program, written in Python, that currently targets Web Services. In the current version, HTTP-based SOAP services are the main target. This tool was created based on, and to automate, some real-world manual SOAP pen testing work.




    Thank you! Very useful!



    Thank you I will add those to the list!



    Any recommendations for a fuzzing tool where the inputs are passed as command-line arguments?



    Interesting that you ask that – I am currently evaluating a tool that does just that for a start-up company – it has not been announced yet – I will keep you posted!
