Skip to content

simple Web Fuzzer for detect XSSi, SQLi, Blind SQLi, OSi and Blind OSi

License

Notifications You must be signed in to change notification settings

baekseoheon/Web-Fuzzer-1

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Web-Fuzzer

General info

simple Web Fuzzer

  1. crawling : colect all internal url ( Crawler.py )
  2. use selenium and BeautifulSoup to detect form & input params for fuzzing
  3. inject payload
  4. Check responses to detect vulnerabilities

Requirements

  • python3
  • use virtual environments & install requirements packages (gist)
  • Chrome web driver : Download it from the address below and put it in the Wuzzer folder
    Chrome:    https://sites.google.com/a/chromium.org/chromedriver/downloads
    

Usage

for test on DVWA :

cd Wuzzer
python Wuzzer.py --test --XSSi --SQLi --BSQLi --CMDi --BCMDi 

for more options :

python Wuzzer.py -h

Test on DVWA Docker

  • Run image
    docker run --rm -it -p 80:80 vulnerables/web-dvwa
  • Database Setup

    http://127.0.0.1/setup.php

  • Login with default credentials
    • Username: admin
    • Password: password

Task-Lists

  • Xss Injecyion attack
  • SQL Injecyion attack
  • Blind SQL Injecyion attack
  • Cmd Injecyion attack
  • Blind Cmd Injecyion attack
  • complete Document
  • threading support
  • use proxy

Related Link

Vulnerable Web Applications

  • OWASP Vulnerable Web Applications Directory (github) (owasp)
  • Web vulnerability collection (github)

Payloads

XSS

Related work

  • Most advanced XSS scanner (XSStrike)
  • Automatic SQL injection and database takeover tool (sqlmap)
  • Web fuzzers review (pentestbook)

security game

About

simple Web Fuzzer for detect XSSi, SQLi, Blind SQLi, OSi and Blind OSi

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%