Simple Web Fuzzer
- Crawling : Collects All Internal URL ( Crawler.py )
- Uses Selenium And BeautifulSoup to Detect Form & Input Params For Fuzzing
- Injects Payloads
- Checks Responses to Detect Vulnerabilities
- Python3
- Use Virtual Environments & Install Requirements Packages (gist)
- Chrome Web Driver : Download It From The Address Below And Put It in The Wuzzer Folder
Chrome: https://sites.google.com/a/chromium.org/chromedriver/downloads
For Test on DVWA :
cd Wuzzer
python Wuzzer.py --test --XSSi --SQLi --BSQLi --CMDi --BCMDi For More Options :
python Wuzzer.py -hTest on DVWA Docker
- Run Image
docker run --rm -it -p 80:80 vulnerables/web-dvwa
- Database Setup
- Login with Default Credentials
- Username: admin
- Password: password
- Xss Injection Attack
- SQL Injection Attack
- Blind SQL Injection Attack
- Command Injection Attack
- Blind Command Injection Attack
- Complete Document
- Threading Support
- Use Proxy
- Cheatsheet_XSS_Vectors.txt (Cheatsheet-God github)
- XSS_Alert.txt (PayloadsAllTheThings github)
- SQL.txt (wfuzz github)
- Blind_Sqli.txt (sql-injection-payload-list github)
- Cross-Site Scripting (XSS) Cheat Sheet (portswigger)
- XSS Injection (PayloadsAllTheThings github)
- Cross-Site Scripting (XSS) (Resources-for-Beginner-Bug-Bounty-Hunters github)
- Most Advanced XSS Scanner (XSStrike)
- Automatic SQL Injection and database takeover tool (sqlmap)
- Web Fuzzers Review (pentestbook)
- XSS Game By Google (xss-game)
- xssgame
- Alert(1) to Win (alf.nu)
- Prompt(1) to Win (prompt.ml)
- Prompt("sibears") to Win (xss school)