FUZZING

Web sites dedicated to protocol fuzzing:

http://www.scadasec.net/secwiki/FuzzingTools
http://www.secguru.com/tag/fuzzer
http://www.fuzzing.org/

BUNNY

http://code.google.com/p/bunny-the-fuzzer/wiki/BunnyDoc

Bunny is a closed-loop (feedback-driven), high-performance, general-purpose, protocol-blind fuzzer for C programs (though in principle easily portable to any other imperative procedural language).

ZZUF

http://sam.zoy.org/zzuf/

zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more often than not comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program's input. zzuf's behaviour is deterministic, making it easier to reproduce bugs.

Its main areas of use are:

  • Quality assurance: use zzuf to test existing software, or integrate it into your own software's test suite.
  • Security: very often, segmentation faults or memory corruption issues mean a potential security hole; zzuf helps expose some of them.
  • zzuf's primary targets are media players, image viewers and web browsers, because the data they process is inherently insecure, but it has also been used successfully to find bugs in system utilities such as objdump.

SCHEMER

http://www.fuzzware.net/Download/Fuzzware.rar

Schemer is a generic file and protocol fuzzer. Schemer requires an XML schema describing the format of the data and an example or test case of the data to be fuzzed. Schemer makes available certain ways in which the data can be fuzzed, but lets the user specify the values used. For example, Schemer lets you replace strings with long strings, but the user has to specify the lengths used.

Schemer can output the fuzzed data in a variety of ways: to a file, to an application, to the network, or to code provided by the user. Schemer can also monitor the software that is the target of the fuzzed data and record all test cases that affect the target. Some examples have been included with Schemer to demonstrate how it can be used.

Schemer requires the .NET Framework and is currently a command-line application, although it only takes one argument: the configuration file.

SULLEY FUZZING FRAMEWORK RELEASE

http://www.fuzzing.org/wp-content/Sulley%20Fuzzing%20Framework.exe

THE MANUAL CAN BE FOUND HERE:

http://www.fuzzing.org/wp-content/SulleyManual.pdf

Sulley is a fuzzer development and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but also data transmission and target monitoring. Sulley is affectionately named after the creature from Monsters Inc., because, well, he is fuzzy.

Modern-day fuzzers are, for the most part, focused solely on data generation. Sulley not only has impressive data generation but has taken this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, and is capable of reverting it to a known good state using multiple methods. Sulley detects, tracks and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers a fault. Sulley does all this, and more, automatically and unattended.

Overall usage of Sulley breaks down to the following:

Data representation: the first step in using any fuzzer. Run your target and tickle some interfaces while snagging the packets. Break down the protocol into individual requests and represent them as blocks in Sulley.

Session: link your developed requests together to form a session, attach the various available Sulley monitoring agents (network, debugger, etc.) and commence fuzzing.

Post mortem: review the generated data and monitored results. Replay individual test cases.
</gr_replreplace>
<gr_replace lines="61" cat="clarify" orig="AXMAN IS">
AxMan is a web-based ActiveX fuzzing engine. The goal of AxMan is to discover vulnerabilities in COM objects exposed through Internet Explorer. Since AxMan is web-based, any security changes in the browser will also affect the results of the fuzzing process. This allows for a much more realistic test than other COM-based assessment tools. AxMan is designed to be used with Internet Explorer 6 only.

AXMAN

http://metasploit.com/users/hdm/tools/axman/

AXMAN IS A WEB-BASED ACTIVEX FUZZING ENGINE. THE GOAL OF AXMAN IS TO DISCOVER VULNERABILITIES IN COM OBJECTS EXPOSED THROUGH INTERNETEXPLORER. SINCE AXMAN IS WEB-BASED, ANY SECURITY CHANGES IN THE BROWSER WILL ALSO AFFECT THE RESULTS OF THE FUZZING PROCESS. THIS ALLOWS FOR A MUCH MORE REALISTIC TEST THAN OTHER COM-BASED ASSESSMENT TOOLS. AXMAN IS DESIGNED TO BE USED WITH INTERNET EXPLORER 6 ONLY.

BED.PL

http://www.codito.de/

BED is a program designed to check daemons for potential buffer overflows, format string bugs et al.

BED simply sends the commands to the server and checks whether it is still alive afterwards.

LLDP FUZZER

http://www.cs.utexas.edu/~jhol/lldpfuzzer.html

The Link Layer Discovery Protocol (LLDP) is a layer-two protocol used by network devices to share information, such as their identity and capabilities, on a LAN.

MALYBUZZ

http://sourceforge.net/projects/malybuzz/

Malybuzz is a multiprotocol network fuzzer to check the security of applications. Thanks to Malybuzz some new vulnerabilities have been discovered.

BESTORM (COMMERCIAL)

http://www.beyondsecurity.com/

Highlights as reported:

  • Innovative: beSTORM performs an exhaustive analysis to uncover new and unknown vulnerabilities in software products. This is different from older-generation tools that use attack signatures or attempt to locate known vulnerabilities in products. beSTORM does not need the source code to analyze and uncover vulnerabilities.
  • Broad range: many of the common Internet protocols can be tested by beSTORM; even complex protocols such as SIP (used in Voice over IP products) are supported.
  • Attack prioritization: special attack-prioritizing algorithms allow beSTORM to start with the attacks most likely to succeed, depending on the specific protocol that is audited. This saves considerable time during the audit process and highlights the most important problems first.
  • Report accuracy: beSTORM checks the application externally by triggering actual attacks. Vulnerabilities are reported only if an actual attack has been successful, for example if a buffer overflow has been triggered. Simply put, beSTORM emulates an attacker. If the attacker cannot carry out the attack, beSTORM will not report it, effectively reducing the number of false positives.
  • Protocol compliance: beSTORM is able to convert the protocol standard text to an automated set of tests by converting the BNF description used in technical RFC documents to its attack language. This ensures that the entire functionality of the system is checked, and makes it possible to quickly find bugs that otherwise surface only months or years after the product is released to the market.
  • Comprehensive analysis: beSTORM detects vulnerabilities by attaching to the audited process and detecting even the slightest anomalies. By doing so, beSTORM can find attacks as subtle as "off-by-one" attacks, as well as buffer overflow attacks that do not crash the application.
  • Scaling: beSTORM is extremely scalable, with the ability to use multiple processors or multiple machines to parallelize the audit and substantially reduce the testing duration.
  • Extensibility: beSTORM tests the protocol rather than the product, and therefore can be used to test extremely complicated products with a large code base.
  • Flexibility: beSTORM's protocol analysis can be easily extended to support your proprietary protocol.
  • Language independent: beSTORM tests the binary application, and is therefore completely indifferent to the programming language or system libraries used. beSTORM will report the exact interaction that triggers the vulnerability, and the programmers can then debug the application with whatever development environment they wish to see what causes the fault.

JBROFUZZ

http://sourceforge.net/projects/jbrofuzz

JBroFuzz is a Java-based stateless network protocol fuzzer for penetration tests. It allows for the identification of certain classes of security bugs by means of creating malformed data and having the network protocol in question consume the data.

LIBFUZZ 0.3

http://www.blackops.cn/tools/libfuzz.0.3.zip

libfuzz 0.3 contains 69 different fuzzing test cases in a simple C library.

GPF

http://www.vdalabs.com/tools/GPF.tar.bz2

GPF provides developers, security researchers, and quality assurance professionals the capability to quickly search for bugs/vulnerabilities in the exposed interface of networked applications. GPF uses captured packet sessions (from libpcap) to construct a protocol description from real traffic. Users can then configure various types of injected faults, manually modify the capture file, and define custom functions to deal with dynamic data.

EFS

http://www.vdalabs.com/tools/EFS-PaiMei.zip

We have designed and implemented an Evolving Fuzzer System (EFS) to help find new vulnerabilities. Traditional fuzzing techniques require that a new fuzzer be built for each protocol, a never-ending process. EFS attempts to eliminate this effort by dynamically learning a protocol using code coverage and other feedback mechanisms.

AUTODAFE

http://autodafe.sourceforge.net/

A fuzzing framework able to uncover buffer overflows by using the "fuzzing by weighting attacks with markers" technique.

TAOF (THE ART OF FUZZING)

http://sourceforge.net/projects/taof/

TAOF is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

INGUMA

http://sourceforge.net/projects/inguma/

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute-force usernames and passwords, exploits, and a disassembler.

ANTIPARSER

http://sourceforge.net/projects/antiparser/

antiparser is an API/framework for generating random, malformed data for use in fuzzing and fault injection of network protocols and file formats. antiparser is written in Python and can be imported by scripts that implement additional fuzzing logic.

DFUZ

http://www.genexx.org/dfuz/

A remote protocol fuzzer/triggerer which can do many things such as sending random data of random sizes, together with the data you want. It has a lot of ways to tell the program to use this data by using rule files, which are later parsed by the program itself, with several options and ways to make it very specific and very flexible. It is not only a remote protocol fuzzer in itself, but a user-friendly scripting-like engine on which you can create any kind of payload.

PEACH

http://www.ioactive.com/v1.5/tools/index.php

A cross-platform fuzzing framework written in Python. Peach's main goals include: short development time, code reuse, ease of use, flexibility. Peach can fuzz just about anything: COM/ActiveX, SQL, shared libraries/DLLs, network applications, web, you name it.

SPIKE

http://www.immunitysec.com/downloads/SPIKE2.9.tgz

Based on block-based protocol analysis.

BLUETOOTH STACK SMASHER

http://www.secuobs.com/news/05022006-bluetooth10.shtml

BSS (Bluetooth Stack Smasher) is an L2CAP-layer fuzzer, distributed under the GPL license.

FUZZBALL2

http://warlord.nologin.org/download/fuzzball2.tar.gz

fuzzball2 is a little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.

FUZZER.PL

http://www.cirt.dk/tools/fuzzer/fuzzer.txt

fuzzer.pl is automated software that generates and submits random or sequential data to various areas of an application in an attempt to uncover security vulnerabilities. For example, when searching for buffer overflows, a tester can simply generate data of various sizes and send it to one of the application entry points to observe how the application handles it.

FUZZLED

http://www.portcullis-security.com/tools/free/Fuzzled-1.0.tar.gz

Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces and factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.

FTPFUZZ

http://www.infigo.hr/files/ftpfuzz.zip

Infigo FTPStress Fuzzer is a specific fuzzer for finding vulnerabilities in FTP server products. Although it is a simple tool, it has proved its efficiency by the number of vulnerabilities discovered in different FTP server software tested with this tool.

The parameters used for the fuzzing process are highly configurable. The user can precisely define which FTP commands will be fuzzed, along with the size and type of the fuzzing data.

SNMP FUZZER

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

SNMP Fuzzer uses PROTOS test cases with an entirely new engine written in Perl. It provides efficient methods of determining which test case has caused a fault, offers more testing granularity and a friendlier user interface.

OLDFUZZER.PY

http://packetstormsecurity.nl/fuzzer/oldfuzzer.py.txt

Oracle database PL/SQL fuzzing tool.

OHRWURM

http://packetstormsecurity.org/fuzzer/ohrwurm-0.1.tar.bz2

or

http://mazzoo.de/blog/2006/08/25

ohrwurm is a small and simple RTP fuzzer. Some features include the ability to read SIP messages to get information on the RTP port numbers, fuzzing of RTP traffic, and support for MITM setups; the RTP payload is fuzzed with a constant BER (bit error rate), which is also configurable.

PROXYFUZZ

http://theartoffuzzing.com/joomla/index.php?option=com_content&task=view&id=21&Itemid=40

ProxyFuzz is a man-in-the-middle, non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) the contents of network traffic. It supports the TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol-agnostic, so it can randomly fuzz any network communication.

ProxyFuzz is a good tool for quickly testing network protocols and providing basic proofs of concept. Using this tool you will be amazed by the poor quality of software, and you will see clients and servers dying upon unexpected input; just be prepared to see some very weird behaviours.

WAPITI (WEB APPLICATION VULNERABILITY SCANNER / SECURITY AUDITOR)

http://wapiti.sourceforge.net/

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data. Once it has this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Wapiti can detect the following vulnerabilities:

  • File handling errors (local and remote include/require, fopen, readfile…)
  • Database injection (PHP/JSP/ASP SQL injections and XPath injections)
  • XSS (cross-site scripting) injection
  • LDAP injection
  • Command execution detection (eval(), system(), passthru()…)
  • CRLF injection (HTTP response splitting, session fixation…)

UNTIDY

http://untidy.sourceforge.net/

untidy is a general-purpose XML fuzzer. It takes a string representation of an XML document as input and generates a set of modified, potentially invalid, XML documents based on the input. This project is currently hosted at SourceForge.

WFUZZ

http://www.edge-security.com/wfuzz.php

Wfuzz is a tool designed for brute-forcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), brute-forcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), brute-forcing form parameters (user/password), fuzzing, etc.

It's very flexible; here are some of the functionalities:

  • Recursion (when doing directory brute-forcing)
  • POST data brute-forcing
  • Output to HTML (easy for just clicking the links and checking the page, even with POST data)
  • Coloured output on all systems
  • Hide results by return code, word count, line count, etc.
  • URL encoding
  • Cookies
  • Multithreading
  • Proxy support
  • Brute-forcing of all parameters (POST and GET)
  • Dictionaries tailored for known applications (WebLogic, iPlanet, Tomcat, Domino, Oracle 9i, Vignette, ColdFusion and many more; all dictionaries are from Darkraver's DIRB, www.open-labs.org)

WSFUZZER

http://www.neurofuzz.com/modules/software/wsfuzzer.php

The program currently targets web services. In the current version, HTTP-based SOAP services are the only supported targets. This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform. This tool is not meant to be a replacement for solid manual human analysis; as a matter of fact, we are conceptually against that. Please view WSFuzzer as a tool to augment analysis performed by competent and knowledgeable professionals. Web services are not trivial in nature, so expertise in this area is a must for proper pen testing.

Some of the features of WSFuzzer are:

  • Attacks a web service based on either a valid WSDL, a valid endpoint & namespace, or it can try to intelligently detect the WSDL for a given target. As of version 1.6, WSFuzzer includes a simple TCP port scanner.
  • It gives you the ability to handle methods with multiple parameters. Each parameter is handled as a unique entity and can either be attacked or left alone. As of version 1.8.1 this was taken one step further: there are now two modes of attacking parameters. The traditional mode is unchanged and is now called "individual" mode, due to the fact that each param is fuzzed individually. The new mode is "simultaneous" and attacks multiple parameters simultaneously with a given data set. See the usage examples below for more info.
  • The fuzz generation (attack strings) consists of a combination of a dictionary file, some optional dynamic large injection patterns, and some optional method-specific attacks, including automated XXE and WSSE attack generation.
  • The tool provides the option of using some IDS evasion techniques, which makes for a powerful security infrastructure (IDS/IPS) testing experience.
  • A time measurement of each round trip between request and response is now provided to aid in results analysis.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License