Powerfuzzer: HTTP protocol based application fuzzer

Powerfuzzer is a free application capable of spidering website and identifying inputs. From practical view, pen tester point of view, it can be considered a Web Application Vulnerability Scanner, however given its design and specifications it has much more potential. Fuzz testing, fuzzing,  is a software testing technique that provides random data (“fuzz”) to the inputs of a program. The great advantage of fuzz testing is that the test design is extremely simple, and free of preconceptions about system behavior.



Currently, it is capable of identifying these problems:

  • Cross Site Scripting (XSS)
  • Injections (SQL, LDAP, code, commands, and XPATH)
  • CRLF
  • HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)

Leave a Reply