
FuzzingTool is a web penetration testing tool that handles fuzzing. After the test is completed, all possibly vulnerable entries (and the response data) are saved to a report file.

Changelog v3.14

New features
- Added a replay proxy option --replay-proxy PROXY;
- Added a Matcher option to match responses by regex -Mr REGEX;
- Added Filter:
  - Exclude responses by status codes -Fc STATUS;
  - Exclude responses by regex -Fr REGEX;
- Added recursion jobs feature:
  - Plugin scanners can now enqueue payloads for the next job when needed;
  - Added directory recursion feature (--recursion) on path fuzzing;
  - The user can set the maximum recursion level for jobs (--max-rlevel RLEVEL);
- Added option to set multiple plugin scanners (by using multiple --scanner arguments);
- Added plugin scanners:
  - Backups;
  - Wappalyzer;

Removed features
- Removed the use of multiple HTTP methods;
- Removed Find plugin (replaced by match by regex);

Bugfix
- Fixed a bug in the Matcher's match logic where, when multiple match options were set, only one was considered;
- Fixed a bug in the DnsZone plugin when an invalid hostname is set;
- Fixed a split string error in the function split_str_to_list;

CLI output changes
- When doing subdomain fuzzing, the IP address will no longer be shown in the CLI output. It'll only be stored in the report file;
- Added a progress bar (credits to Dirsearch for the idea)

Other changes
- Changed the program binary name from FuzzingTool to fuzzingtool;
- Now the Dictionary object will enqueue Payload objects into the payloads queue;
- Each Payload has its own recursion level attribute (Payload.rlevel) to indicate the job recursion level;
- Now the wordlist creation and build are threaded;

Code refactored
- Added HttpHistory object to store the information about the request and response in the result object, including the IP address when doing subdomain fuzzing;
- Moved some functions from http_utils module to UrlParse class;
- Removed inspect_result method from scanners. Now they will append results in the _process method;
- Removed decorator append_args, no longer needed;
- Updated fuzz types and created a class to store the plugin categories in utils/consts;
- Moved both logger and reports to the persistence directory;
- Updated the order of the parameters on PluginFactory methods;
- Moved the API outside of a specific folder;
- Moved the argument build functions to utils/argument_utils;