A fuzzing tool called OWASP WebSlayer has been released. It is still a beta version, but I think it will be very useful for people who need a web fuzzing tool ^^;
○ WebSlayer fuzzing
It's possible to perform attacks like:
- Predictable resource locator: it can find directories and scripts based on well known dictionaries, recursion supported
- Login forms brute force
- Session brute force
- Parameter brute force
- Parameter Injection (XSS, SQL, etc)
- Basic and NTLM brute forcing
Some features are:
- Encodings: 15 encodings supported
- All parameters attack: the tool will inject the payload in every parameter
- Authentication: supports NTLM and Basic
- Multiple payloads: you can use 2 payloads in different parts
- Proxy support (authentication supported)
- For predictable resource location it has: recursion, common extensions, non-standard code detection
- Multiple filters for improving the performance and for producing cleaner results
- Live filters
- Threads
- Session export
- Integrated browser (WebKit)
- Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, http://www.open-labs.org/)
Official site: https://www.owasp.org/index.php/Category:OWASP_Webslayer_Project
Tool download: http://code.google.com/p/webslayer/downloads/list
Reference site: http://www.edge-security.com/webslayer.php