Monday, August 8, 2011

Wfuzz 2.0 released!

Hi All!


After Christian presentation at BlackHat/2011 Tools Arsenal, I'm pleased to announce  a new version of WFuzz! It is now more flexible, dynamic and extensible than ever!

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections, bruteforce Forms parameters (User/Password), Fuzzing,etc.

Highlights in this version:


- Infinite payloads. You can now define as many FUZnZ words as you need .
- Multiple encoders per payload. You can now define as many encoders as you need for each payload independently.
- Payload combination. You can now combine your payloads in different ways by specifying 
iterators.
- Increased flexibility. You can now define in an easy way new payloads, iterators, encoders and output handlers and they will be part of wfuzz straight away.
- Baseline support. You can now define a default value for each payload and compare the results against them.



Other new features include:

- New payloads
- New encoders
- Magictree output
- Support for multiple proxies
- Time delay between requests
- Follow HTTP redirects
- Fuzz within HTTP methods
- HTTP HEAD scan
- SOCKS4/SOCKS5 support

More detailed examples in the README and the google code project page !


Stay tuned! We have a lot of improvements and ideas coming up!

No comments: