Menu
▾
▴
powerfuzzer-en
powerfuzzer
Phase(s):
Primary: Discovery.
Secondary: N/A.
Description:
Tool that execute "fuzzing" techniques on web applications in order to detect common vulnerabilities.
Objective:
- Detect common vulnerabilities present on the web application.
Features:
Supported technologies: Web application (HTTP/HTTPS).
Operative mode: Active.
Detect common vulnerabilities present on the web application.
- Provides "fuzzing" techniques to detect predefined common vulnerabilities: Cross Site Scripting, Cross Path, Insecure Redirects
- Works on GET requests testing URL parameters.
Reports:
Output reports: ✔
Reports in TXT, XML, HTML format containing:
- Detected vulnerabilities.
- Vulnerable URL with the "payload" used.
Basic usage:
Perform a basic "fuzzing" on a web application.Start the application and in the field "Target URL" enter the URL to test that contains parameters (GET).
Press the "Scan" button to start the test. The tool began testing the parameters provided in the URL against the "payload" predefined order to analyze the results of the requests made.
When the tool identifies the presence of a vulnerability in red show the occurrence.
Finally, testing is complete the "Scan Reports" window will be displayed with the outcomes identified:
Plain text report example:
Findings summary
XSS (info) in http://127.0.0.1:9002/application/file.jsp
Vulnerable URL: http://127.0.0.1:9002/application/file.jsp?info=<script>var+pf_687474703a2f2f3139322e3136382e3234352e3132393a393030322f6170706c69636174696f6e2f66696c652e6a7370_696e666f=new+Boolean();</script>
XSS (info) in http://127.0.0.1:9002/application/file.jsp
Vulnerable URL: http://127.0.0.1:9002/application/file.jsp?info=<script>var+pf_687474703a2f2f3139322e3136382e3234352e3132393a393030322f6170706c69636174696f6e2f66696c652e6a7370_696e666f=new+Boolean();</script>
Resources:
Link: http://www.powerfuzzer.com/
Author(s): Marcin Kozlowski
Contact: http://sourceforge.net/projects/powerfuzzer/support
License: GNU General Public License version 2.0 (GPLv2)