Powerfuzzer is a free application capable of spidering a website and identifying its inputs. From a practical, pen-tester point of view, it can be considered a web application vulnerability scanner; however, given its design and specifications, it has much more potential. Fuzz testing, or fuzzing, is a software testing technique that provides random data (“fuzz”) to the inputs of a program. The great advantage of fuzz testing is that the test design is extremely simple and free of preconceptions about system behavior.
Currently, it is capable of identifying these problems:
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- HTTP 500 statuses (usually indicative of a possible misconfiguration or security flaw, including buffer overflow)