Wfuzz Description

Wfuzz is a framework for automating web application security assessments. It could help you secure web applications by finding web application vulnerabilities and exploiting them. You can also run the Wfuzz image from Docker. Wfuzz works on the simple principle that it replaces all references to the fuzz keyword by the value of the payload. In Wfuzz, a payload is a data source. This simple concept allows for any input to be injected into any field of an HTTP Request, allowing for complex web security attacks to be performed in different web application components, such as parameters and authentication, forms, directories/files or headers. Plugins are used to support Wfuzz's vulnerability scanner for web applications. Wfuzz's modular structure makes it easy to contribute, even for the newest Python programmers. The process of creating plugins is easy and takes only a few moments.

Wfuzz Alternatives
Awesome Fuzzing Reviews
Awesome Fuzzing
Awesome Fuzzing contains a list of fuzzing materials, including books, free and paid courses, videos, tutorials, vulnerable applications, and tools to help you learn fuzzing, as well as the initial phases of exploit creation, such root cause analysis. Videos on fuzzing courses/training, videos discussing fuzzing tools, techniques, and best practices. Blogs, conference talks, tutorials, tools for fuzzing, and fuzzers to help fuzze applications that use network protocols like HTTP, SSH and SMTP. Search for exploits that have apps available to download and then reproduce the exploit using the fuzzer you choose. Set of tests to test fuzzing engines. Includes different well-known bugs. Includes a corpus of files in various formats for fuzzing multiple target targets.
Learn more
Google OSS-Fuzz Reviews
Google OSS-Fuzz
OSS-Fuzz provides continuous fuzzing to open source software. Fuzz testing is an established technique for detecting programming errors in software. Many of these detectable mistakes, such as buffer overflow, have serious security implications. Google has discovered thousands of security flaws and stability bugs through guided in-process fuzzing of Chrome components. We now want to share this service with the open-source community. OSS-Fuzz aims at making open source software more stable and secure by combining modern fuzzing with scalable, distributive execution. ClusterFuzzLite or ClusterFuzz is available for projects that do not qualify to use OSS-Fuzz. OSS-Fuzz currently supports C/C++ code, Rust code, Go code, Python code, and Java/JVM. Other languages supported by LLVM could also work. OSS-Fuzz can fuzz both x86_64 builds and i386 versions.
Learn more
APIFuzzer Reviews
APIFuzzer
APIFuzzer is a tool that reads your API description, and fuzzes each field step-by-step to determine if your application will be able to handle the fuzzed parameter. It does not require any coding. Parse API definitions from a remote URL or local file. Support for JSON and YAML files. All HTTP methods can be used. Support for fuzzing the request body, path parameter, query string and request header. Supports CI integration and relies on random mutations. Create JUnit XML format for test reports. Send a request using an alternative URL. Support HTTP basic authentication from the configuration. Save the JSON formatted report of the failed tests into the preconfigured folder.
Learn more
OWASP WSFuzzer Reviews
OWASP WSFuzzer
Fuzz testing or fuzzing is a software testing technique, that basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion. Consider an integer that stores the result of the user's selection between three questions. When the user selects one, he will have the option of choosing 0, 1, or 2. This gives us three possible cases. Integers will be stored in a static variable. If the default switch case is not implemented properly, the program can crash and cause "classical" security problems. Fuzzing is a form of automatic bug detection. Its role is to identify software implementation faults, and if possible, find them. A fuzzer program is a program which injects semi-random information into a stack or program and detects bugs. Generators are used to generate data, while debugging tools are used to identify vulnerabilities. Generators use a combination of static fuzzing vectors.
Learn more

Pricing

Pricing Starts At:
Free
Free Version:
Yes

Integrations

View Integrations

Reviews

Total
ease
features
design
support

No User Reviews. Be the first to provide a review:

Write a Review

Company Details

Company:
Wfuzz
Website:
wfuzz.readthedocs.io

Media

Wfuzz Screenshot 1
Wfuzz Screenshot 1 Wfuzz Screenshot 2
Recommended Products
1Password makes it easy to store and share passwords anywhere, anytime Icon
1Password makes it easy to store and share passwords anywhere, anytime

More than a password manager.

Protect yourself, your family, or your global workforce with simple security, easy secret sharing, and actionable insight reports.
Start Today

Product Details

Platforms
SaaS
Windows
Mac
Type of Training
Documentation
Customer Support
Online

Wfuzz Features and Options

Wfuzz User Reviews

Write a Review
  • Previous
  • Next