Home

Description

FuzzingTool is a web penetration testing tool, that handles with fuzzing. After the test is completed, all possible vulnerable entries (and the response data) are saved on a report file.

Disclaimer

We're not responsible for the misuse of this tool. This project was created for educational purposes and should not be used in environments without legal authorization.

References

FuzzingTool wouldn't be what it is today without these projects, I recommend you to take a look at them:

• wfuzz - Web application fuzzer by @Xavi Mendez;
• dirsearch - Web path scanner by @Mauro Soria;
• Turbo Search - The most powerfull Web Content Scanner by @Helvio Junior;
• fuff - Fast web fuzzer written in Go by Fuff;
• headerFuzzer.sh - A header fuzzer written in bash by @Bruno Menozzi

Table of Contents

• Getting Started
  • Installing
  • Prerequisites
• Usage Examples
  • HTTP verb Fuzzing
  • Data Fuzzing
  • URL Fuzzing
  • Reading raw HTTP request
  • Using multiple wordlists
• Basic Usage
  • The Result class
  • Matching results
  • Filtering results
  • Blacklisting status codes
  • Default scanners
  • Default wordlists
• Advanced Usage
  • Plugin scanners
  • Plugin wordlists
  • Encoders
• FuzzingTool Library
  • API
  • Library parameters