Audience
Individuals wanting a tool to find vulnerabilities in their code and test their applications
About API Fuzzer
API Fuzzer allows to fuzz-request attributes using common pentesting techniques and lists vulnerabilities. API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.
Pricing
Starting Price:
Free
Free Version:
Free Version available.
Company Information
Fuzzapi
github.com/Fuzzapi/API-fuzzer
Videos and Screen Captures
Wfuzz
Wfuzz provides a framework to automate web application security assessments and could help you secure your web applications by finding and exploiting web application vulnerabilities. You can also run Wfuzz from the official Docker image. Wfuzz is based on the simple concept that it replaces any reference to the fuzz keyword with the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing it to perform complex web security attacks in different web application components such as parameters, authentication, forms, directories/files, headers, etc. Wfuzz’s web application vulnerability scanner is supported by plugins. Wfuzz is a completely modular framework and makes it easy for even the newest Python developers to contribute. Building plugins is simple and takes little more than a few minutes.
Learn more
Defensics
Defensics is a comprehensive, versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and remediate security weaknesses in software. Identify defects and zero-day vulnerabilities in services and protocols. The generational fuzzer takes an intelligent, targeted approach to negative testing. Advanced file and protocol template fuzzers enable users to build their own test cases. The SDK allows expert users to use the Defensics framework to develop their own test cases. Defensics is a black box fuzzer, meaning it doesn’t require source code to run. With Defensics, users can secure their cyber supply chain to ensure the interoperability, robustness, quality, and security of software and devices before introducing them into IT or lab environments. Properly executed fuzzing techniques can provide a low-cost, efficient means of finding vulnerabilities, covering more code paths and value iterations than a manual analysis can perform.
Learn more
Wapiti
Wapiti is a web application vulnerability scanner. Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms, and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Search for potentially dangerous files on the server. Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). Warnings are raised when an anomaly is found (for example 500 errors and timeouts). Wapiti is able to make the difference between permanent and reflected XSS vulnerabilities. Generates vulnerability reports in various formats (HTML, XML, JSON, TXT, CSV).
Learn more
Radamsa
Radamsa is a test case generator for robustness testing or fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main selling points of Radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable, and, easy to get up and running. Fuzzing is one of the techniques to find unexpected behavior in programs. The idea is simply to subject the program to various kinds of inputs and see what happens. There are two parts to this process: getting the various kinds of inputs and how to see what happens. Radamsa is a solution to the first part, and the second part is typically a short shell script. Testers usually have a more or less vague idea of what should not happen, and they try to find out if this is so.
Learn more
You Might Also Like
BrightGauge, a ConnectWise solution, was started in 2011 to fill a missing need in the small-to-medium IT Services industry: a better way to manage data and provide the value of work to clients. BrightGauge Software allows you to display all of your important business metrics in one place through the use of gauges, dashboards, and client reports. Used by more than 1,800 companies worldwide, BrightGauge integrates with popular business solutions on the market, like ConnectWise, Continuum, Webroot, QuickBooks, Datto, IT Glue, Zendesk, Harvest, Smileback, and so many more. Dig deeper into your data by adding, subtracting, multiplying, and dividing one metric against another. BrightGauge automatically computes these formulas for you. Want to show your prospects how quick you are to respond to tickets? Show off your data with embeddable gauges on public sites.
Product Details
Platforms Supported
Windows
Mac
Linux
Training
Documentation
Support
Online