Projects

This page is reserved for projects that are currently under development:


Webfuzzer

Webfuzzer is a tool that can be useful for both pen testers and webmasters. It's a poor man's web vulnerability scanner.

Its aim is to find common errors and vulnerabilities in all kinds of web applications, including Perl scripts, PHP, ASP and CGI. The original idea was just to investigate SQL injection vulnerabilities (an SQL injection scanner). The idea was taken from wpoison and then the project grew a little. It was tested on Linux but should compile and work on most Unix variants.

I managed to detect undisclosed bugs in common web applications, lots of SQL injection possibilities, lots of cross-site scripting vulns and some directory traversal using this tool. Rarely, I've met mismanagement of PHP includes or possible code execution via shell escapes.

This was called webscan but when I realized that there are other projects with that name (which is anyway too generic), I renamed it webfuzzer. Webfuzzer is my first GPL'ed project.

I'm currently writing a multithreaded C++ port of this tool to make it work under Win32 too, and providing a simple GUI wrapper for the command line. (Dec 2004)

As it's a work in progress, there are several ways to help the project grow.

The latest release of Webfuzzer is available for download in gzipped format here (webfuzzer-latest.tar.gz).

Lib Http

Todo...