fuzzer
Web Application Fuzz Testing Tool for SE 331 Engineering Secure Software.
Setup
This application requires Ruby >=2.0, Bundler, and the Mechanize gem (available from RubyGems).
To install Mechanize, run bundle install from the project root directory.
Usage
fuzz [discover | test] url OPTIONS
COMMANDS:
discover Output a comprehensive, human-readable list of all discovered inputs to the system. Techniques include both crawling and guessing.
test Discover all inputs, then attempt a list of exploit vectors on those inputs. Report potential vulnerabilities.
OPTIONS:
--custom-auth=string Signal that the fuzzer should use hard-coded authentication for a specific application (e.g. dvwa). Optional.
Discover options:
--common-words=file Newline-delimited file of common words to be used in page guessing and input guessing. Required.
Test options:
--vectors=file Newline-delimited file of common exploits to vulnerabilities. Required.
--sensitive=file Newline-delimited file of data that should never be leaked. It's assumed that this data is in the application's database (e.g. test data) but is never reported in any response. Required.
--random=[true|false] When off, try each input to each page systematically. When on, choose a random page, then a random input field and test all vectors. Default: false.
--slow=500 Response-time threshold in milliseconds above which a response is reported as "slow". Default: 500 milliseconds.
Examples:
# Discover inputs
fuzz discover http://localhost:8080 --common-words=mywords.txt
# Discover inputs to DVWA using our hard-coded authentication
fuzz discover http://localhost:8080 --custom-auth=dvwa --common-words=mywords.txt
# Discover and Test DVWA without randomness
fuzz test http://localhost:8080 --custom-auth=dvwa --common-words=words.txt --vectors=vectors.txt --sensitive=creditcards.txt --random=false
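The example below is an added illustration of the analysis steps the discover and test commands described above perform; it is not code from this project. It uses only the Ruby standard library (no Mechanize) and constructed sample HTML, page names and responses so it runs offline. The function names, the `exists` block standing in for an HTTP request, and the `VECTOR_1` placeholder vector are assumptions made for the example.

```ruby
# Added example, not part of the fuzzer project: the discover/test analysis steps
# of a web fuzzer, against plain Ruby stdlib and constructed sample data.
require 'uri'
require 'set'

# Constructed sample page: one HTML form plus two links, one carrying query parameters.
SAMPLE_HTML = <<~HTML
  <form action="/login.php" method="post">
    <input type="text" name="username">
    <input type="password" name="password">
    <input type="hidden" name="user_token" value="abc123">
  </form>
  <a href="/vulnerabilities/sqli/?id=1&Submit=Submit">SQLi</a>
  <a href="/about.php">About</a>
HTML

# Discovery by crawling: collect form field names and URL query parameter names.
def discover_inputs(html)
  inputs = Set.new
  html.scan(/<input[^>]*name=["']([^"']+)["']/i) { |(name)| inputs << name }
  html.scan(/href=["']([^"']+)["']/i) do |(href)|
    query = URI.parse(href).query
    next unless query
    URI.decode_www_form(query).each { |key, _| inputs << key }
  end
  inputs.to_a.sort
end

# Discovery by guessing: try every common word with every extension and keep the
# pages the server answers for. `exists` (assumed) stands in for an HTTP GET so
# the example needs no network.
def guess_pages(common_words, extensions, &exists)
  common_words.product(extensions).map { |w, e| "/#{w}#{e}" }.select(&exists)
end

# Test phase, one response: did any sensitive value leak, and was the response slow?
Finding = Struct.new(:page, :input, :vector, :kind, :detail)

def analyze_response(page, input, vector, body, elapsed_ms, sensitive, slow_ms)
  findings = []
  sensitive.each do |secret|
    findings << Finding.new(page, input, vector, :leak, secret) if body.include?(secret)
  end
  findings << Finding.new(page, input, vector, :slow, elapsed_ms) if elapsed_ms > slow_ms
  findings
end

# Order of (page, input) pairs to exercise. Systematic mode walks every pair in
# order; random mode picks one page and one of its inputs (all vectors still run
# against that pair). A seeded generator keeps the random choice reproducible.
def test_plan(pages_to_inputs, random: false, rng: Random.new(0))
  if random
    page = pages_to_inputs.keys.sample(random: rng)
    [[page, pages_to_inputs[page].sample(random: rng)]]
  else
    pages_to_inputs.flat_map { |page, inputs| inputs.map { |i| [page, i] } }
  end
end

if __FILE__ == $0
  puts "Crawled inputs: #{discover_inputs(SAMPLE_HTML).inspect}"
  # Constructed list of pages the sample "server" knows about.
  known = %w[/login.php /admin.html]
  puts "Guessed pages: #{guess_pages(%w[admin login], %w[.php .html]) { |p| known.include?(p) }.inspect}"
  # Constructed response: a test card number (from the sensitive list) appears in the body.
  analyze_response('/login.php', 'username', 'VECTOR_1',
                   'Welcome! On file: 4111111111111111', 900,
                   ['4111111111111111'], 500).each do |f|
    puts "#{f.kind} on #{f.page} input=#{f.input}: #{f.detail}"
  end
end
```

In a real run the body and elapsed time in `analyze_response` come from the HTTP response and a timer around the request; here they are constructed so the leak and slow checks can be seen firing on known input.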
License
MIT
Contributors
- Peter Mikitsh
- Akshay Karnawat
- Matthew Stevens