Powerfuzzer: HTTP protocol based application fuzzer

Powerfuzzer is a free application capable of spidering website and identifying inputs. From practical view, pen tester point of view, it can be considered a Web Application Vulnerability Scanner, however given its design and specifications it has much more potential. Fuzz testing, fuzzing,  is a software testing technique that provides random data (“fuzz”) to the inputs of a program. The great advantage of fuzz testing is that the test design is extremely simple, and free of preconceptions about system behavior.

 

Powerfuzzer
Powerfuzzer

Currently, it is capable of identifying these problems:

  • Cross Site Scripting (XSS)
  • Injections (SQL, LDAP, code, commands, and XPATH)
  • CRLF
  • HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)

Leave a Reply