Powerfuzzer - Highly automated and fully customizable web fuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.

Don't have a clue what a Fuzzer/Fuzz testing is ? Not a problem, read on here

Currently, it is capable of identifying these problems:
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- CRLF
- HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)

Designed and coded to be modular and extendable. Adding new checks should simply entail adding new methods.

Prerequisites and Installation

It is platform independent, hence powerfuzzer should run on Windows/Linux/Unix (Tested on Windows XP SP2 and Linux). Install Python(Tested with Python 2.5), wxPython (Tested with wxPython 2.8), HTML Tidy Library, ctypes, TidyLib Python wrapper and you're ready to go.

To start using the application execute powerfuzzer.exe when installed using the installer package or unzip the package and double click (execute) powerfuzzer.py

Download powerfuzzer_v1_beta_patched_binary_installer_complete.exe (6.1 MB)

Source-

http://www.powerfuzzer.com/

Screenshot -