|
Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working. Yes, there was a gap on the market in that arena and that's why Powerfuzzer project was created. It is capable of spidering website and identifying inputs. From practical view, pen tester point of view, it can be considered a Web Application Vulnerability Scanner, however given its design and specifications it has much more potential.Currently, it is capable of identifying these problems: - Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- CRLF
- HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)
Designed and coded to be modular and extendable. Adding new checks should simply entail adding new methods. |
|
|
