Fuzzing

crithit

Website Directory and file brute forcing at extreme scale. CritHit takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next wordlist item. The intention of brute foricng in this manner is to avoid low limit Web Application Firewall (WAF) bans and to allow brute forcing to run faster than it normally would when approaching any single host with multiple simultaneous requests.

Fuzzing

ffuf

A fast web fuzzer written in Go.

Fuzzing

ffuf-multi

A fast web fuzzer written in Go.

Fuzzing

ffuf-multi-od

A fast web fuzzer written in Go.

Fuzzing

ffuf-od

A fast web fuzzer written in Go.

Fuzzing

ffuf-virtual-hosts

A fast web fuzzer written in Go, packaged for virtual host discovery

Fuzzing

medusa

Fastest recursive HTTP fuzzer, like a Ferrari. Known issues socket: too many open file The solution to this is to increase ulimit, you can solve this problem by typing ulimit -n 8129 before running Medusa.

Fuzzing

paramspider

Finds parameters from web archives of the entered domain. Finds parameters from subdomains as well. Gives support to exclude urls with specific extensions. It mines the parameters from web archives (without interacting with the target host).

Fuzzing

shortscan

An IIS short filename enumeration tool

Fuzzing

wfuzz

Wfuzz can be used to look for hidden content, such as files and directories, within a web server, allowing to find further attack vectors. It is worth noting that, the success of this task depends highly on the dictionaries used.

Fuzzing

x8

The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of pages, comparison of response code and reflections.