parameterfuzz


Parameter auditor for web applications

v2.0 FINAL VERSION

http://www.enelpc.com/p/parameterfuzz.html

v1.9

https://docs.google.com/uc?id=0B74kMAGqImI9VlJ6TXVlV3p6NmM

v1.8

https://docs.google.com/uc?id=0B74kMAGqImI9YmhITTJVX0NnSVk

----------------------------------------------------------------------------

Description

ParameterFuzz is a tool for checking how well a web application is hardened. It tries to cover the area most exploited by attackers, since the majority of known attacks, such as SQL injection, Cross-Site Scripting or RFI among others, are based on exploiting poorly filtered parameters. The tool is designed for performing security audits manually; however, it is also possible to automate the audit process.

It can be used for many purposes, such as:

  1. Dictionary attacks against parameters and folders
  2. Manual and automatic attacks against web applications
  3. Browsing and viewing the source code
  4. View logs of results
  5. Encoder/Decoder tool
  6. Spidering attacks
  7. Leaks detection
  8. SQL Injection detection
  9. Changes in the HTTP headers
  10. Extracting valid parameters from the source code
  11. Imagination...?

Video Tutorial (Spanish)

http://www.youtube.com/watch?feature=player_embedded&v=rZBuyZp7NlM

Options & Tools

ParameterFuzz includes a list of options and tools with which you can interact from the main form, GET and POST.

http://4.bp.blogspot.com/-IfqEAy3WhpE/Uvj7tzZEAEI/AAAAAAAABT4/jgNXT8SIkvA/s1600/tools.png

SQLi Detector:

http://1.bp.blogspot.com/-y8bVionox_M/UfPcJOY18sI/AAAAAAAABOs/wWw-LJbSBqM/s640/ParameterFuzz%252B2.png

Leaks Detector:

http://2.bp.blogspot.com/-pgGjBqupefs/UvkAkEU4uKI/AAAAAAAABUU/FTWlbzic-1E/s1600/2014-02-10+17_35_12-XSS+PARAMETER..png

URL Spider:

http://1.bp.blogspot.com/-uexY_qZU2yw/Uvj7t8L88LI/AAAAAAAABT0/TF_XeVg5pFY/s1600/spider.png

Input Parameters:

http://2.bp.blogspot.com/-pijDeyQwlgg/UfPcIhYCTgI/AAAAAAAABOc/5ej0e9cVngI/s1600/ParameterFuzz%252B1.png

Grep Extractor:

http://4.bp.blogspot.com/-YpyyYoPLboU/Uvj7tf-YdxI/AAAAAAAABTw/X96Ewq8z-oE/s1600/grep.png

Robots Extractor:

http://1.bp.blogspot.com/-eofgNxQYqlo/Uvj7sF2JiRI/AAAAAAAABTo/EqVmAYPu4RQ/s1600/Robots.png

Project Information

The project was created on Apr 23, 2013.

Labels:
Fuzzing security testing websecurity pentesting parametermanipulation SQLi XSS LFI RFI Vulnerability