标签 ‘Fuzzer’ 下的日志

Powerfuzzer

软件主页:http://powerfuzzer.sourceforge.net/ (via tr4c3)

Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering website and identifying inputs.

Don’t have a clue what a Fuzzer/Fuzz testing is ? Not a problem, read on here

Currently, it is capable of identifying these problems:
– Cross Site Scripting (XSS)
– Injections (SQL, LDAP, code, commands, and XPATH)
– CRLF
– HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)
阅读全文 »

Tags:

WEB暴力破解–我用wvs fuzzer

鬼仔注:以前发过Acunetix Web Vulnerability Scanner V5.1 破解版

Writer: demonalex[at]dark2s[dot]org

讲到WEB暴力破解通过大家都会用小榕的溯雪,但并不是所有WEB破解溯雪都是应付自如的(不要说我说小榕他老人家的坏话),最近因为工作的关系,碰到一个网管型设备的WEBPORTAL需要做WEB破解,看看HTML的源码:

阅读全文 »

Tags: , , , ,

PaiMei

Pedram Amini同学写的工具,Paimei去年还是前年刚出来的时候,dm牛牛就发到了论坛,非常好用的一个工具,很多漏洞重现起来很麻烦,用这个基本上十几分钟就能出来。
最近又有人写了一个教学,不会的同学可以去看看

PaiMei is a reverse engineering framework consisting of multipleextensible components. The goal of the framework is to reduce the timefrom "idea" to prototype to a matter of minutes, instead of days.PaiMei 阅读全文 »

Tags: ,

Fuzzers

来源:zwell's blog

关键字(Keywords) : fuzzing, fuzz testing, fuzzer.

antiparser
antiparser is a fuzz testing and fault injection API. The purpose of antiparser is to provide an API that can be used to model network protocols and file formats by their composite data types. Once a model has been created, 阅读全文 »

Tags: