Fuzzing

Sqlifuzzer is an open source wrapper for cURL, written in bash, that can be used to remotely identify SQL injection and XPath injection vulnerabilities. It does this by sending some SQL injection payloads and examining the responses for signs of ‘injectability’.
Sqlifuzzer was designed out of a desire to hit every dynamic parameter of a web app [...]

The memmon executable monitors a Linux process and provides summary statistics about the memory usage of the process after it terminates. In particular, memmon provides a convenient mechanism to report the maximum amount of memory that a process uses.

Vejovis is a project [...]

backfuzz can be used to fuzz different protocols such as FTP, HTTP, IMAP, etc., but it also has no-protocol plug-ins (example: File Fuzzer). The general idea is that this script has several functions already predefined in the file “functions.py”, so whoever wants to write their own plugins for another different protocol in a few lines and [...]

Our first post about the IOCTL Fuzzer can be found here. It was a long time ago and now it has been updated to IOCTL Fuzzer version 1.3.

“IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them. Current OS support (x32 and [...]

NTO SQL Invader gives the ability to quickly and easily exploit or demonstrate SQL Injection vulnerabilities in Web applications. With a few simple clicks, we will be able to exploit a vulnerability to view the list of records, tables and user accounts of the back-end database.

Features of NTO SQL Invader

Easy to use – The tool’s [...]

Finally! We have another w3af release! We now have w3af version 1.1! We spoke about it in detail here.

“w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and its plugins are fully [...]

Our first post regarding WebSurgery can be found here. Now, the author has released an update – WebSurgery version 0.6!

“WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable [...]

We have talked about fuzzdb in detail here. Now, it has been updated to fuzzdb version 1.09!

“fuzzdb aggregates known attack patterns, predictable resource names, server response messages, and other resources like web shells into the most comprehensive Open Source database of malicious and malformed input test cases.”
This is the updated fuzzdb change log:

Thanks to lawKnee, [...]
