Powerfuzzer - um fuzzer para sites web


Project Website
================

http://powerfuzzer.sourceforge.net


Project Description
================

Powerfuzzer is a highly automated web fuzzer based on many other Open Source
fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz,
webscarab,wapiti, Socket Fuzzer) and information gathered from numerous
security resources and websites. It is capable of spidering website and
identifying inputs.

Currently, it is capable of identifying these problems:
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- CRLF
- HTTP 500 statuses (usually indicative of a possible
misconfiguration/security flaw incl. buffer overflow)

Designed and coded to be modular and extendable. Adding new checks should

simply entail adding new methods.

texto directamente pilhado daqui